if you really want passkeys to succeed why not implement it at the browser level. Basically everytime you visit a new website the browser has never seen before, the browser initiates a handshake of sorts with that website and secures a passkey for it which is stored. If the user wants to log in to that website, the browser can automatically patch in the details as and when required