A new login technique is becoming available in 2023: the passkey. The passkey promises to solve phishing and prevent password reuse. But lots of smart and security-oriented folks are confused about what exactly a passkey is. There’s a good reason for that. A passkey is in some sense one of two (or three) different things, depending on how it’s stored.
Yubikey ftw
That’s not a passkey. It’s a security key. RTA.
FYI Yubico (who makes them) have devices compatible with each. You can technically use the passkey standard with a yubikey security key since it’s all FIDO2 protocols, but it’s certainly not standard
It’s just a question of device bound keys (the default for yubikeys) vs platform / exportable keys (passkeys), but the websites can’t tell the difference if you don’t tell it