It's a poorly argued point, agree. Essentially the author is arguing that the ability in the WebAuthN protocol for Relying Parties to be able to specify `rk=required` is considered harmful because it excludes tons of TPM hardware from being able to work as a Passkey wallet/db. I think most people in the comments probably agree. That doesn't excuse all the confusion the author creates by essentially bike-shedding the definition of passkey for half the essay.
The hype around passkeys is high enough that basically all authentication layers are requiring passkeys when they're available. This is a problem because passkeys must be stored in the client-side authenticator (password manager, hardware token, whatever), some of which have very limited capacity for storing them.
This is compounded by two problems: (1) Extant standards for storing these keys on hardware tokens don't allow deleting them individually, though this is changing in the newest standard; (2) Many current hardware tokens claim to have huge capacities, but this is based on a different challenge-response mechanism than passkeys. As a result, users will be pressured into using passkeys often, run out of precious passkey space despite thinking they have plenty, and then be forced to forego the benefits moving forward or reset and lose their keys.
