That list makes for a nice slide deck, but the separation (like many things in tech) isn't as clear-cut as the metaphor.
"Something you know" (password) becomes "something you have" as soon as you store/autogenerate/rotate those passwords in a manager (which is highly recommended).
"Something you have" in the form of a hw key is still that device generating a key (password) that device/browser APIs convey to the service in the same way as any other password.
"Something you are" is a bit different due to the algorithms used to match biometric IDs, but given that matching is less secure than cryptographic hash functions, this factor is only included in the list for convenience reasons.
The breakdown of this metaphor is one of the reasons passkeys are seen as a good thing.
Not sure what you mean, it's still a second unique token that an attacker would need to know to access my account, so it's improving my security even when stored in my password manager. This was in response to grandparent's opinion that it's "at best a reduction in security".
I'm not talking about my password vault getting breached, in that case I'd be fucked either way.
> I'm not talking about my password vault getting breached, in that case I'd be fucked either way.
But that's the whole point. If your password vault is breached, the second factor is what prevents you from being fucked. That's why putting your seeds in the vault is a reduction in security. It may be a reduction/risk that you're willing to take for convenience, but it's still a reduction.
The factors are:
- Something you know
- Something you have
- Something you are (biometrics)