
Ok, now please explain concisely to an unsophisticated user:

- When do users still need their password, and when is a passkey enough? Can they safely forget their password?

- How do they switch from iOS to Android and vice versa without losing access to all accounts?

> Scanned my face as I always use to open my phone. That site is now authenticating with my face.

- Can I login on my friend's phone using my face? Yes, because it's authenticating my face, right?

- What happens if I lose access to my iCloud or Google account? How do I get my passkeys back?

- Why does website X say "your browser does not support passkeys", but it works on website Y? Is Firefox really bad? Do I have to switch to Chrome?

And please don't use any assumptions you might have about these flows from your background knowledge as a developer.



> Can they safely forget their password?

No. Don't forget your password. Why would you?

> How do they switch from iOS to Android and vice versa without losing access to all accounts?

Use your password. Or, if you can't use it, use the "I forgot my password" process.

> Can I login on my friend's phone using my face? Yes, because it's authenticating my face, right?

They can try if they have this question. I wouldn't expect it to work because it is my phone who knows my face and not the website. But if that is too much thinking for an unsophisticated user they just try it and see that it doesn't work.

> What happens if I lose access to my iCloud or Google account?

You use the "Forgot my password" process of the site.

> Why does website X say "your browser does not support passkeys", but it works on website Y? Is Firefox really bad? Do I have to switch to Chrome?

As an unsophisticated user, my phone has none of these things.

> please don't use any assumptions you might have about these flows from your background knowledge as a developer.

That is a bit like asking to not think of a pink elephant. But also I haven't thought of any of these questions as I was enrolled using my passkey. (Nor did I think about these questions ever since even once.) So I would suspect worrying about these questions is not the primary reason why people use or don't use passkeys.


> No. Don't forget your password. Why would you?

Because passkeys are replacing my password, right? Also, I think if I don't ever have to provide it on a regular basis, I'll eventually forget it.

> Use your password. Or if you can't use it use the "I forgot my password" process.

Why should I use passkeys then if I sometimes need my password anyway?

> They can try if they have this question.

Ok, I tried it and it doesn't work. Is that my fault or the site's? I'm confused – will your support be able to help me out?

> Nor did I think about these questions ever since even once.) So I would suspect worrying about these questions is not the primary reason why people use or don't use passkeys.

These concerns aren't about people not using passkeys, quite the opposite: They're about sharp edges that people usually only hit months or years into using a new authentication method.


> These concerns aren't about people not using passkeys, quite the opposite

The person who I responded to said:

“this stuff is hard to explain to end users. This is the reason it's not widely used yet even on the handful of platforms that provide this option.”

They clearly think "hard to explain" is the reason why they are not more popular. That is what I responded to. You are making an orthogonal point about the trickiness of account recovery. (One I largely agree with, but it has nothing to do with the ease of explaining passkeys.)


I'm not sure "fall back on the existing method" is really an explanation though. It's like saying, "stick shift is easy to explain, whenever you're confused just switch back to standard."

Passkeys are meant to be a password replacement. "Use your password" can't be the answer to "how do I do X with passkeys?" We're talking about onboarding people onto a separate system; they're going to want to know why they're being asked to use two systems simultaneously.


I wouldn't say these are orthogonal.

Platform operators do think about support load and edge cases like the ones I've mentioned, and so to them these are obstacles to deploying passkeys. "How can I explain passkeys to my user?" covers more than just the happy path.



