Basically dedicated 2FA hardware.
If you lose it, you’re fucked, end of story.
You do not need specific hardware to use passkeys. For example, you can use a password manager like Bitwarden and have your passkeys sync between multiple devices, including a good old regular computer.
Specific hardware can be used to secure how the passkeys are stored. For example, smartphones usually have a security chip that helps with storing encrypted data.
Your mileage will vary with your corporate policies. You’re not wrong, but you’re not completely right.
I can’t just pick up any smartphone and install a passkey manager on it. It has to adhere to some specific hardware requirements (like a dedicated chip or instruction set on a CPU).
So yeah, I’m standing by the 2FA dedicated hardware line. It’s easier than getting into the weeds on hardware device configuration.
Your mileage will vary with your corporate policies.
What does this have to do with anything?
I can’t just pick up any smartphone and install a passkey manager on it.
Sure, because “any smartphone” includes smartphones that don’t turn on, that are locked with a passcode you don’t know, or that are running a 10-year-old OS.
Which modern smartphones (meaning, still supported by its manufacturer and running a current OS, i.e., iOS 17/18 or Android 14/15) don’t have passkey support? I don’t know of a single one.