
Passkeys are in theory held in hardware, which in your cryptocurrency analogy is more like a hardware wallet - a malicious attacker can still use it online but can't steal the keys for later offline use.

In theory, because most consumer-grade providers do offer some sync option which breaks the "100% hardware" guarantee and could allow malicious software to use this functionality to steal the raw key material for later offline use.

Passkeys are a slight upgrade in terms of security but a huge upgrade in terms of vendor lock-in and discouraging people from escaping whatever Big Tech walled garden they're currently in. That's why they're being pushed so hard.



Nope. Passkeys replace passwords, just as SSH keys replace your root password during login.

Passkeys alone are a slight upgrade in terms of security compared to password only. They are a major downgrade in terms of security compared to password + second factor.


They are not being pushed for vendor lock in purposes. They are being pushed because passwords are a completely terrible user experience and terrible security story for 99.99% of users on the internet.


And if they happen to strengthen vendor lock-in, well, that's just a nice but entirely coincidental bonus?


There's no "in theory" or "breaks the 100% hardware guarantee". Passkeys were specifically designed to be able to sync. There are also device-bound passkeys that can't be synced, if you want that. That is all.
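The distinction this comment draws between synced and device-bound passkeys is visible to a relying party: the WebAuthn authenticator data carries a BE (backup eligible) flag and a BS (backup state) flag, and a credential with BE clear can never be synced. The following Python is an added example, not code from this thread or from any passkey provider; it parses authenticator data, classifies the credential, and lets a relying party enforce a device-bound policy at registration. The AAGUIDs, credential IDs and the opaque placeholder standing in for the COSE public key are constructed test input, and build_auth_data is a helper written here only to assemble that input.

```python
"""Parse WebAuthn authenticator data and classify a passkey as synced or device-bound."""
import hashlib
import struct
from dataclasses import dataclass
from typing import Optional

# Flag bits of the authenticator data "flags" byte (WebAuthn spec, section 6.1).
FLAG_UP = 1 << 0  # user present
FLAG_UV = 1 << 2  # user verified
FLAG_BE = 1 << 3  # backup eligible: the credential may be synced to other devices
FLAG_BS = 1 << 4  # backup state: the credential currently is backed up (synced)
FLAG_AT = 1 << 6  # attested credential data follows
FLAG_ED = 1 << 7  # extension data follows


@dataclass
class AuthData:
    rp_id_hash: bytes
    flags: int
    sign_count: int
    aaguid: Optional[bytes]
    credential_id: Optional[bytes]

    @property
    def backup_eligible(self) -> bool:
        return bool(self.flags & FLAG_BE)

    @property
    def backed_up(self) -> bool:
        return bool(self.flags & FLAG_BS)

    @property
    def device_bound(self) -> bool:
        # A credential that can never be backed up is device-bound.
        return not self.backup_eligible


def parse_auth_data(data: bytes) -> AuthData:
    """Decode the fixed 37-byte header and, if present, the attested credential data."""
    if len(data) < 37:
        raise ValueError("authenticator data too short")
    rp_id_hash = data[:32]
    flags = data[32]
    (sign_count,) = struct.unpack(">I", data[33:37])
    if (flags & FLAG_BS) and not (flags & FLAG_BE):
        # Spec: BS=1 together with BE=0 is an invalid combination.
        raise ValueError("backup state set on a non-backup-eligible credential")
    aaguid = credential_id = None
    offset = 37
    if flags & FLAG_AT:
        if len(data) < offset + 18:
            raise ValueError("truncated attested credential data")
        aaguid = data[offset:offset + 16]
        offset += 16
        (cred_len,) = struct.unpack(">H", data[offset:offset + 2])
        offset += 2
        credential_id = data[offset:offset + cred_len]
        if len(credential_id) != cred_len:
            raise ValueError("truncated credential id")
        # The COSE public key (CBOR) and any extensions follow; they are not decoded here.
    return AuthData(rp_id_hash, flags, sign_count, aaguid, credential_id)


def check_registration(data: bytes, rp_id: str, require_device_bound: bool = False) -> AuthData:
    """Relying-party checks on the authenticator data of a registration response."""
    ad = parse_auth_data(data)
    if ad.rp_id_hash != hashlib.sha256(rp_id.encode()).digest():
        raise ValueError("rpIdHash does not match this relying party")
    if not ad.flags & FLAG_UP:
        raise ValueError("user presence flag not set")
    if not ad.flags & FLAG_AT or ad.credential_id is None:
        raise ValueError("registration must carry attested credential data")
    if require_device_bound and ad.backup_eligible:
        raise ValueError("policy requires a device-bound passkey; this one is backup-eligible")
    return ad


def build_auth_data(rp_id: str, flags: int, sign_count: int,
                    aaguid: bytes, cred_id: bytes, cose_key: bytes) -> bytes:
    """Helper for constructed test input: assemble authenticator data as an authenticator would."""
    return (hashlib.sha256(rp_id.encode()).digest()
            + bytes([flags | FLAG_AT])
            + struct.pack(">I", sign_count)
            + aaguid + struct.pack(">H", len(cred_id)) + cred_id + cose_key)


# Constructed samples: hypothetical AAGUIDs and an opaque placeholder for the COSE key.
RP_ID = "example.com"
OPAQUE_KEY = b"\xa5\x01\x02"  # stands in for the CBOR-encoded public key; not decoded above
SYNCED = build_auth_data(RP_ID, FLAG_UP | FLAG_UV | FLAG_BE | FLAG_BS, 0,
                         b"\x11" * 16, b"synced-cred", OPAQUE_KEY)
DEVICE_BOUND = build_auth_data(RP_ID, FLAG_UP | FLAG_UV, 7,
                               b"\x22" * 16, b"hw-cred", OPAQUE_KEY)

if __name__ == "__main__":
    for name, blob in (("synced", SYNCED), ("device-bound", DEVICE_BOUND)):
        ad = parse_auth_data(blob)
        print(name, "BE =", ad.backup_eligible, "BS =", ad.backed_up,
              "device_bound =", ad.device_bound)
```

A relying party that wants hardware-bound credentials only should reject BE=1 at registration, as check_registration does with require_device_bound=True, and can also watch for BS flipping on later assertions, which is the signal that an existing credential has started syncing. Signature verification against the COSE key is deliberately left out of this example.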


Which consumer-grade providers are transmitting their passkeys across their own sync service in plaintext instead of heavily encrypted?



