alt Hacker Newstbh I think it's safe to claim they're strictly inferior to passwords, though in almost all cases they're literally identical (as you point out).
e.g. that phone call case: some places will tell you a temporary password (over the phone) to enter next time, and then you come up with a new one when you log in. there is no equivalent flow for passkeys, because you can't enter them by hand. a site could of course build that for passkeys (like a temporary password with special UI for entering it), but literally every site with passwords can do that by default, it just needs a general admin UI which almost always exists.
(most I've encountered will email you a temp password, and in principle you could email a temp passkey too... but that doesn't work by phone / for manual entry, and is there a spec on that file format? I don't think so? in your password manager right now: is there a place to manually import a passkey for a website? half of mine don't have one for passkeys, but every single one I've ever seen has a way to manually enter a password)
> but literally every site with passwords can do that by default, it just needs a general admin UI which almost always exists.
Most sites/systems that are designed for security won't have such an admin UI - passwords should generally not be handled in a way where anybody other than the user is ever able to know what they are.