They are more secure because they are different per-site and are public-key-based rather than secret-based, so they can't be captured and replayed later, a website compromise doesn't lead to further compromises, and they are phishing-resistant (e.g. paypa1.com can't request PayPal.com credentials).
Passkeys are meant to refer to primary-factor authentication, as opposed to using something like a yubikey as a replacement for SMS OTP or TOTP. The ability to discover available first-factor options for a web domain was something new in FIDO 2 over the older U2F-based keys - I'd expect any security key sold in the last three years to have at least limited support for discoverable credentials.
By default when someone talks about passkeys they mean multi-device, where you back them up (most likely to the cloud) and can sync/restore them to other devices. But modern Yubikeys (and current Windows Hello) support single-device passkeys.
Or to put it a different way - passkeys are meant to be a concept for something equivalent but better than passwords, not a proper spec in themselves. Hence the lowercase 'p'.
They are more secure because they are different per-site and are public-key-based rather than secret-based, so they can't be captured and replayed later, a website compromise doesn't lead to further compromises, and they are phishing-resistant (e.g. paypa1.com can't request PayPal.com credentials).
Passkeys are meant to refer to primary-factor authentication, as opposed to using something like a yubikey as a replacement for SMS OTP or TOTP. The ability to discover available first-factor options for a web domain was something new in FIDO 2 over the older U2F-based keys - I'd expect any security key sold in the last three years to have at least limited support for discoverable credentials.
By default when someone talks about passkeys they mean multi-device, where you back them up (most likely to the cloud) and can sync/restore them to other devices. But modern Yubikeys (and current Windows Hello) support single-device passkeys.
Or to put it a different way - passkeys are meant to be a concept for something equivalent but better than passwords, not a proper spec in themselves. Hence the lowercase 'p'.