It isn't an issue of competence in an IT department. I slightly regretted adding that dig at passkeys at end of my post, but there it is, so I'll elaborate a tiny bit. The issue I see is that users have a lot of difficulty with them. They may be elegantly designed, but when Pizza Hut or Google or Microsoft forces an individual user to use them, problems ensue. Sure, a competent IT department that implements passkeys as part of a managed system will see good results, but they're also being deployed widely to a public that isn't ready for them. Interestingly, one big issue I see is the name of the technology: users do not see a difference between the word "password" and the word "passkey".

Part of the security of passkeys is that they're tied to a device. That device is then authorized, using the passkey, to access a service. You, as the user of that service, can have passkeys for that service on multiple devices. There's no lock-in. We just don't want people to move passkeys between devices because then they can get stolen. That being said, passkeys are a failed technology that are causing a lot of issues for IT departments.

This fellow pointed a web cam at all his keychains. Problem solved: http://fob.webhop.net/