My main concern with passkeys is I'm not aware of a way to pre-authorize someone who doesn't yet have an account. For example, with email I can just grant X access to anyone who can prove they have access to Y email address. But passkeys don't have a single public handle like this. This isn't such a big deal with centralized services where everyone is likely to already have an account, but might pose a problem for selfhosted services. Still, I like passkeys and wish there was a way to have my cake and eat it too.