I think you missed the point. If I have a passkey in 1password how does it become my passkey? As in, a passkey I can freely read, redistribute, and store in platforms that are not 1password. This is a property of passwords but not of passkeys.

Today you can do that with open source password managers, and in the future there is a passkey portability specification coming to do passkey migrations between managers.

But in general it's a bad idea to have the passkeys just sitting around in text files so the current managers are largely designed around preventing the tech support scammer from instructing grandma to dump the passkeys and email it to them.

if a passkey is exportable how is it materially different from a password? Isn't the point of a passkey to be hardware bound so it can't be swiped?

They're closer to a client side certificate - you never send the server your passkey, you sign data that proves you have it without exposing it. (Or something semantically equivalent anyway)

Other than that, which is mostly only a benefit for edge cases around partially compromised devices or servers: yeah they're not much different than random unique passwords. Except they have vendor-lock-in.

Passkeys aren't vulnerable to phishing or breaches (if they are you have bigger problems).

Passkeys would be vulnerable to phishing if password managers allowed you to export them in plaintext. Because the phishing page would just show you the steps to do this and paste the private key in.

But because most managers have no UI for doing this, it's impossible to trick someone into doing it.

Password managers could warn about this, like "WEBSITES WILL NEVER ASK YOU FOR THIS DATA". I don't think we should cripple Passkeys and limit syncing to third-party walled gardens because users are stupid.