@nekodojo @jik : thank you for sharing your thoughts!
To add to them: a TOTP app is a stupid password manager. Most people do not understand that it more than doubles your risk of account lockout.
And that is apart from other risks excellently described by Conor Gilsenan (@conorgil ) et al. in https://www.usenix.org/conference/usenixsecurity23/presentation/gilsenan (and https://github.com/blues-lab/totp-app-analysis-public).
Twilio Authy being one of the worst (echoed by https://www.bleepingcomputer.com/news/security/hackers-abused-api-to-verify-millions-of-authy-mfa-phone-numbers/).
And, like SMS, TOTP apps do not protect against non-dumb AitM * attacks (Microsoft's endlessly repeated 99.9% reduction in chance of getting hacked when using 2FA extremely irritates me - considering https://techcommunity.microsoft.com/blog/microsoft-entra-blog/all-your-creds-are-belong-to-us/855124 from 2019 - and, although an advertisement, IMO a good article: https://www.bleepingcomputer.com/news/security/mfa-matters-but-it-isnt-enough-on-its-own/).
* Attacker/Adversary in the Middle.
IMO, the nr. 1 advantage of passkeys is the "built in" domain name check - which makes phishing attacks a *lot* harder (albeit not impossible: https://infosec.exchange/@ErikvanStraten/112914050216821746).
The fact that stealing private keys is next to impossible does not protect against device or browser compromise: after logging in using your ultra-secure MFA, your authentication gets replaced by a 1FA session cookie (or something similar). Most websites do NOT bind such cookies to the client's IP-address, making them prime "copytheft" targets (https://labs.beazley.security/articles/ghost-in-the-zip-or-new-pxa-stealer-and-its-telegram-powered-ecosystem).
Also, for an attacker with access to your credentials record on a webserver, indeed there's no point in "copystealing" your passkey's/YubiKey's public key. However, the attacker can REPLACE your pubkey with theirs, or add their own. Those pubkeys are NOT wrapped in a certificate (signed by a *trustworthy* third party) proving who generated the keypair. And there are no revocation facilities in case your device gets stolen.
Furthermore, passkey downgrade-to-weaker-auth attacks pose a threat BECAUSE you MAY lose them (or access to them).
For example, on Android, if you want to change (or remove) your "sync passphrase", Google tells you to tap "Delete data" (see the screenshot below). Adam Langley's (@agl ) pathetic joke "This might delete some data from your devices" [1] actually means that "you'll lose all of your passkeys" (on all of your synced Android devices; contrary to popular belief, Android passkeys are cloud based).
[1] https://seclists.org/fulldisclosure/2024/Feb/15
A decent password manager that checks for the domain name (i.e. using AutoFill on Android or iOS/iPadOS) is not a bad idea after all.
Online auth is HARD. Let's not lie that it can be made simple.
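
The "built in" domain name check mentioned in the post, seen from the server side, as an added example that is not part of the original post: a relying party checks the origin the browser recorded in clientDataJSON and the RP ID hash at the start of authenticatorData. The RP ID `example.com`, the allowed origin, the look-alike `.test` domain and the helper names are assumptions made for this illustration.

```python
import hashlib
import hmac
import json

# Assumed relying-party values for this illustration (not from the post).
RP_ID = "example.com"
ALLOWED_ORIGINS = {"https://example.com"}


def make_sample(origin, rp_id, challenge):
    """Constructed clientDataJSON and authenticatorData, shaped like what a
    browser and authenticator produce for a page at `origin` using `rp_id`."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": origin}
    ).encode()
    flags = bytes([0x05])  # user present (0x01) + user verified (0x04)
    sign_count = (1).to_bytes(4, "big")
    auth_data = hashlib.sha256(rp_id.encode()).digest() + flags + sign_count
    return client_data, auth_data


def check_assertion_scope(client_data_json, authenticator_data, expected_challenge):
    """Return the list of failed checks; an empty list means the domain and
    challenge binding hold. Signature verification over
    authenticatorData || SHA-256(clientDataJSON) must still follow; it is what
    makes these fields trustworthy and is not shown here."""
    failed = []
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        failed.append("type")
    if client_data.get("challenge") != expected_challenge:
        failed.append("challenge")
    # The browser, not the page, writes the origin it actually loaded.
    if client_data.get("origin") not in ALLOWED_ORIGINS:
        failed.append("origin")
    if len(authenticator_data) < 37:  # rpIdHash(32) + flags(1) + signCount(4)
        return failed + ["authenticatorData too short"]
    expected_hash = hashlib.sha256(RP_ID.encode()).digest()
    if not hmac.compare_digest(authenticator_data[:32], expected_hash):
        failed.append("rpIdHash")
    if not authenticator_data[32] & 0x01:
        failed.append("user presence")
    return failed


if __name__ == "__main__":
    challenge = "Y29uc3RydWN0ZWQtY2hhbGxlbmdl"  # constructed sample value
    for origin, rp in [("https://example.com", "example.com"),
                       ("https://example-login.test", "example-login.test")]:
        print(origin, check_assertion_scope(*make_sample(origin, rp, challenge), challenge))
```

These checks cover only the login ceremony; the session cookie issued afterwards, which the post discusses, is outside their scope.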