jesseendahl 6 hours ago

> They bind you to your device/iCloud/Gaia account so if it gets stolen/banned you're out of luck

This is the biggest myth/misconception I see repeated about passkeys all the time. It's a credential just like your password. If you forget it, you go through a reset flow where a link is sent to your email and you just set up a new one. And if it happens to be your Gmail account that you're locked out of, you need to go through the same Google Account Recovery flow regardless of whether you're using a password or a passkey.

pibaker 4 hours ago

First, in relation to TFA: even if you regain access through a recovery channel, any data that was encrypted using your lost passkey will now be gone.

There are also many exciting new ways you can lose your passkey that weren't the case with a password you can remember in your mind. The person you responded to is worrying about big tech randomly banning you and making you lose access; meanwhile, I'm mostly worried about losing the physical device containing the key. I don't think I will forget, say, my Google password unless I got Alzheimer's or got hit in the head by a hammer, at which point I will have bigger problems than a lost Google account.

And let's not pretend the account recovery process is always smooth and easy. They may require evidence from your other accounts you cannot access now due to the key loss. They may demand government IDs that might have been lost alongside your device. They may also just deem your recovery attempt fraudulent and ban you for no reason (which is similar to the scenario the post you are replying to described).

mcdeltat 5 hours ago

Genuine question: what if the recovery asks for a 2nd factor that's e.g. the device which you lost? Is that common?

Personally I don't really trust companies to not do a whoopsie and permanently lock you out when you lose credentials. Especially when the company is big or hard to access in person.

For someone like me who already uses a password manager for everything, passkeys seem to add no security while reducing usability and control.