Do you mean because you'd still be using a password for the sync service to unlock/sync them all? Yeah, you might, but that's not a password in the traditional sense. That word/phrase wouldn't be *hashed* and matched to identify you, it would be a "key* used to decrypt your passkeys. I know this sounds like nonsense, and it's a problem for adoption, but it's huge.
One less technical benefit is that even at their best, password managers don't work that well. Everyone has sites where the auto generated passwords don't work. Say the site tells you it requires a special character or something, lots of banks still do this when the generator just uses a long string of characters and dashes. Or several passwords for one site with multiple subdomains gets saved, and picking through them becomes a hassle. All that goes away with passkeys.
There are still huge benefits, but the reasoning for those is very technical, and yes, this is a big problem for passkey adoption.
Your password manager is storing a secret that can be *replayed*. If I intercept your browser authenticating to the website, I can use your password later. If I intercept the equivalent with a passkey, I have virtually nothing of value. (I can probably compromise your one session that was just created.) If the site gets compromised and your password is publickly leaked, anyone can just use it. Passkeys are storing "asymmetric" keys. The website has the "public" half, you have the "private" half. If the website gets compromised, essentially nothing matters. The public key can literally be public, and essentially zero security is lost.
The ripple effects of this are huge. 99% of the impact of website account breaches just go away.
Hopefully even if a lot of people don't see good reasoning to switch all of their old accounts over to passkeys, Apple and Google making registering for accounts using them so simple that people will start to anyways. They benefit massively even if they don't understand why.
passkeys.directory
blog.lastpass.com
