rini17
5 months ago
I'm confused about why it's specious. Sounds like "compromised browser stopped being compliant with FIDO spec, hence the exploit does not exist", now that's quite a specious claim.
drweevil
5 months ago
Agreed. Passkeys are not as simple and straightforward as their proponents make them out to be. They are device and vendor dependent. They'll work with one browser, but perhaps not another one. Or device. Or app/website. Or password vault. This introduces a level of confusion that can be exploited by an attacker when a naive user is trying to set one up. "Hey, I've got a browser plugin that will make it work for you!" Oops.
For now I'll continue opting for a strong password with a TOTP 2FA. TOTP (RFC 6238) doesn't have any of the device dependency and vendor issues listed above. It's simple and straightforward, something I can grok well enough to stay safe.