We had originally planned to go all-in on passkeys for ONCE/Campfire, and we built the early authentication system entirely around that. It was not a simple setup! Handling passkeys properly is surprisingly complicated on the backend, but we got it done. Unfortunately, the user experience kinda suck...
I wish all sites using 2FA would just support hardware keys instead of authenticator apps. It's so much easier to login to a site by just plugging in my hardware key and tapping its button, than going to my authenticator app and typing over some code within a certain time.
It's even sinpler than email 2fa or sms 2fa or vendor app 2fa.
For authenticator app you also can't easily add more devices unless you share the database which is bad for security. For hardware security key you can just add the key as an additional 2fa, if the site allows it.
Agreed, my main issues with hardware keys are that so few sites support them, and the OS support is kinda bad like in Windows the window pops up underneath everything and sometimes requires a pin entered.
I also hate that when I last looked nobody made a key that supports USB-C, USB-A, and NFC. So now I've got an awkward adapter I need to carry on my keychain.
I've got one each of the USB-C and USB-A versions. The USB-A is actually the one that lives on my keychain as the connector is more robust against debris and I was able to find an adapter that is on a lanyard.