Are password managers resistant to social engineering? You can copy & paste a password to a "support chat" from the manager. You can't do that with a passkey.
The password is only resistant if the one storing it is following best practices, which are NOT enforced and you really can't check for from the outside.
Well if we're talking about social engineering, I don't think it will be difficult to convince the support guy at most companies to disable passkeys on the target account altogether. :(
If you can engineer "the support guy" then you can do a lot more than disable one passkey.
I'm talking about engineering on the other side, the person who has the password and uses it to log in. You can't social engineer Miriam from Accounting to give their passkey, you can do it with a password.
The password is only resistant if the one storing it is following best practices, which are NOT enforced and you really can't check for from the outside.