In your case it's literally the same "complexity" as user/pass with 2FA. You need something to manage the passkeys, just like you need something to manage your second factor. Everything else you list as a worry is already in play.

FIDO is a standards body which produces specifications used by these systems.