Hacker News

alterom, yesterday at 7:32 PM

>along with a memorized password—

So, your solution is passwords with extra steps.

Thanks but no thanks.

>I personally keep a separate YubiKey that—along with a memorized password—is sufficient for me to retrieve my password manager database and unlock it.

So, basically, having to create and maintain a backup device to keep separately from my laptop/phone in case they get stolen, make sure I don't lose it, but carry it with me everywhere like a crucifix.

That, and still having to remember and use a password, because otherwise the thieves get control of everything once they steal my device.

Sure. That's not objectively better than passwords which don't require this sort of hassle.

At the very least because it still requires a password.

>you too can take these kinds of steps to mitigate the risk.

OK. I can. I don't want to have to do these kinds of steps, or any other dance to mitigate the real risks that passwords already protect me from.

Passkeys mitigate risks which I don't run into ("what if someone learns my password?"), while introducing others.

They are a convenience for people who run the system because they off-load those risks onto users.

>But since we’re playing the “what if” game

You're playing games with contrived hypotheticals.

I've had my laptop, phone, and wallet stolen on an overseas trip.

>what happens if you [...] forget your passwords?

I click the "forgot your password?" link which every website that uses passwords has.

Having a notebook in a vault with passwords also solves this problem.

I don't get a sudden onset of dementia which causes amnesia when I travel.

But I've lost my devices and had them stolen from me overseas.

It was a big enough hassle even though I did have the passwords.