Too bad the spec is stupid and requires password managers to be identifiable so servers can deny the "insecure ones". It's already a pain to use Keepassxc for otp since they all want you to use their apps but it's still doable (the worst offender being steam where you have to hack your own app to extract the otp secret). With passkeys you won't have a choice to use The Google AuthenticatorTM etc because eventually some exec will find they can block every provider except their own to boost app download KPI. I really like concept of passkeys, the simple fact of using asymmetric keys is so much better than giving the secret to prove you have it, but the spec is hostile and thought for vendor closing.

IIRC KeepassXC can just identify as Apple Passkeys and it will work fine.