The average user can't tell you what a passkey is, whereas even an eight-year-old can understand passwords. The FIDO Alliance provides branding, but nobody uses it. So when a browser asks you Do you want to save a passkey?, nobody knows what that's going to do.
Most devices will have multiple passkey storage platforms. Some devices will just present each passkey storage prompt one after the other, rather than offering a selection. How can any user be expected to make a choice like that? Can you remember whether you saved that passkey with the Apple prompt
or with the Chrome prompt
? An inexperienced user might just accept the first one, because they've been told that passkeys are good, without knowing which passkey storage platform they've just chosen to use.
Some passkey storage platforms will allow you to export passkeys, but 1Password, Lastpass, and probably others, don't; so your private keys are stuck there with no way to extract them. The passkey standard doesn't mandate portability, so moving between ecosystems is painful or impossible. We're pressing on with adoption in a security domain where vendor lock-in is dangerously commonplace.
Some websites have already made passkeys mandatory. Say you create a passkey on your phone, then sit down at your laptop and... you can't sign in. Drop your phone in a lake and you might be locked out permanently, because some websites have been known to disable your password and only allow one single passkey - that's right, they've limited you to just one device. Cross-device sync might work — if both devices share the same passkey software, which isn't always the case. Most users won't know any of this until it's too late.
The passkeys standard lets websites stipulate whether passkeys be stored on this device (platform) or another device (cross-platform). Demanding that passkeys be stored on this device while using a library terminal or a public kiosk is effectively pointless. Likewise, forcing the user to store passkeys on another device is unnecessary friction. This shouldn't be a part of the standard, the user should always have a choice.
The intention behind passkeys is good: public-key authentication for the masses; but the reality of the ecosystem lets them down. We can do so much better.