You didn't get my point. It's not the lack of security training, but the issue is that the security training focuses on intangible things like passwords, domain names, links, emails. Yubikey is the opportunity to break this model and focus on tangible and tactile things that exist in the physical world. A passkey synced using iCloud or Google account does not break that model and will continue to be less understandable for real users than Yubikeys.

There are plenty of cases where I know that people have misplaced Yubikeys. They might have a spare Yubikey. Or the equivalent to finding a locksmith is to log in with a non-passkey method. It's fine and in fact better if logging in without a passkey is considered an unusual fallback.



You're not getting my point though.

> A passkey synced using iCloud or Google account does not break that model

Yes, yes it does. Have you seen how hard it is to recover these accounts? There are not-uncommon HN posts that do get these solved, but only then by high visibility, a method most people do not have available to them.

> Or the equivalent to finding a locksmith is to log in with a non-passkey method

Sure, it is just that the backup methods end up undermining the security key.

Both of these were mentioned in my post you originally responded to: https://news.ycombinator.com/item?id=43988957

