Of the eight-odd services I've set up to use WebAuthn 2FA or passkeys, I think three of them have subsequently locked me out of my account because they couldn't talk to the security key properly.
Up until this week, Google would let me *register* via Firefox WebAuthn, but completely refuse to let me actually log in unless I used Chrome. Apparently Chrome is broken now too.
Trimble happily let me register the Titan key as a passkey, and then locked me out of the account permanently. Thankfully all it took was one email to support to get them to reset my password (!)
Apple seems to have no concept that someone would not own an iPhone, and insists I return home to look at my iPad instead.
@aphyr been down this road and I am back to just random passwords that I maintain via GPG. All as long as the service allows. 128 character random garbage? Sure, I’ll take it. But passkeys are too error prone at the moment.
And being on FreeBSD, manually maintaining 2FA keys like a YubiKey broke the actual hardware key one too many times.