Short question: Is is possible to disable the iCloud Keychain synchronization of the Passkeys on-demand?
This would ensure and allow device-specific binding where necessary.
Passkeys on Apple platforms require iCloud Keychain. One of the core goals of passkeys is to be a replacement for passwords. Despite their faults, one of the best properties of passwords is their incredible usability, being durable against device loss or damage and usable on all of your devices. A realistic password replacement needs to match that level of user trust and ease of use.
Passkeys provide the benefits of a device-bound credential — categorically solving weak/guessable credentials, reused credentials and credentials stuffing attacks, credential leaks from servers, and most importantly, phishing — with the usability that’s required to truly replace the password.