I think your problem is more to do with how shitty google is anymore more than the technology of passkeys. From a cryptography perspective passkeys are much more secure than simple username/password authentication as there’s no effective way to brute force or acquire through tools like key-loggers. Like another commenter said, start looking at self hosting your own services like Vaultwarden or the like and de-Google first and foremost. One other massive benefit with passkeys is the fact that they are cryptographically unique so even if an attacker acquires one, it’s only able to be used to access a single site/account.

Estonia fuckin nailed it