Passkeys are built on the FIDO2 standard (CTAP2 + WebAuthn standards). They remove the shared secret, stop phishing at the source, and make credential-stuffing useless.
But adoption is still low, and interoperability between Apple, Google, and Microsoft isn’t seamless.
I broke down how passkeys work, their strengths, and what’s still missing.



All I know is a few months back someone set up a passkey on a shared Google account at my job and now nobody but knows what the password for our email is. I can use the passkey to sign in with my phone, but only I can do that.
If you can sign in, you should be able to reset the password.