Aren't "cloud" passkeys multi-device FIDO credentials [1][2] where if you lose all devices with access to your keychain you can use account recovery [3] to get a copy on a new device?
So I thought you shouldn't need an additional passkey device or to remember anything special other than account recovery information.
Then, optionally/implementation specific(?), when you login with a new device for the first time, with that cloud/multi-device credential, some other shenanigans happen. [4](?)
The fact that the other three links go to whitepapers and specs is part of the PR problem passkeys have. It's hard to parse for answers to simple questions.
Such as: what if I don't want to use Apple any longer and wish to move to another provider?
If we don't want to use Apple any longer, then I'm afraid we have to manually recreate create and register new passkeys for every service we use... At least, that's my understanding. I hope they fix this with a "portability" solution.
So I thought you shouldn't need an additional passkey device or to remember anything special other than account recovery information.
Then, optionally/implementation specific(?), when you login with a new device for the first time, with that cloud/multi-device credential, some other shenanigans happen. [4](?)
[1] https://media.fidoalliance.org/wp-content/uploads/2022/03/Ho... [pages 5-7]
[2] https://www.w3.org/TR/webauthn-3/#backup-eligible
[3] https://support.apple.com/guide/iphone/passkeys-passwords-de...
[4] https://www.w3.org/TR/webauthn-3/#sctn-device-publickey-exte...