> chosen to sync the passkey using my 1Password password manager. In theory, that choice allows me to automatically use this passkey anywhere I have access to my 1Password account
I have never used passkeys and don't know much about them, but isn't the main point that they're distinct per device?
If one syncs pass keys using a password manager, what benefit do they bring over passwords?
They don't bring any user-visible benefit over passwords if you use a password manager for your password (so that the password is stored securely on disk behind the password manager's login) *and* the password is unique and large (eg randomly-generated by the password manager) *and* you have the password manager autofill it instead of copy-pasting it manually (because the password manager can reliably check the domain name without falling for lookalikes, homoglyphs, etc).
From a UX perspective, passkeys eliminate user choice about the above matters, so it's easier to railroad users into secure-by-default.
From a technical perspective, a shared secret like a password is generally worse than an asymmetric key like a passkey, especially since stupid websites can save the password directly instead of using a KDF in the usual way and then get breached, but if the secret is unique that matters less.
The main benefit: if used to replace passwords, they eliminate bad passwords and password reuse and password leaks by things you log into. Which is a gigantic improvement in practice, as those are extremely common ways for mass account theft.
(I am not personally a fan of passkeys for a variety of reasons, but the main goal is very pragmatic and something like passkeys is a very obvious choice. I just don't like this spec, the UX awfulness and railroad-everyone-into-giga-corp-systems-and-giving-up-all-control shown in this article is a direct and very predictable result of the spec's decisions.)
---
Per-device is an option (part of the spec, and I believe always allowed), but it has a bootstrapping problem that leads to custom out-of-spec shenanigans (how do you attach your account to a second device, without any other way to log in, if the new device has nothing that can prove it's related to the other?) and most people don't have enough devices to be able to have guaranteed backups. Lose your phone and you might lose literally everything. Or a house fire. Data is FAR easier and cheaper to put in multiple locations for redundancy.
Also I set up new devices like a dozen times a year, whether it's a new physical device (relatively rare) or simply an erase and start over / OS switch (at least annually , it ensures my backups work and I get rid of cruft). If my passwords weren't backed up and handled with far more paranoia than my browser session, I've have lost them at least a couple times.
It is possible to use distinct passkeys per device, but that's a crappy user experience, similar to having a distinct SSH private key per device (which is also often recommended by naive technologists). You generally want to lean towards turning M * N problems into M + N problems.
I have never used passkeys and don't know much about them, but isn't the main point that they're distinct per device?
If one syncs pass keys using a password manager, what benefit do they bring over passwords?