Awesome, we love passkeys, and you’ve hit on one of the main improvements on MFKDF2, which is support for passkeys in a way that’s not possible in the original MFKDF.
We have a concrete roadmap attached to our proposal that uses the PRF extension of the WebAuthn API, which is already supported by most hardware tokens, to derive factor material from passkeys. This will make passkeys a fully-supported factor in MFKDF2, and a co-equal citizen to existing factors like passwords, HOTP/TOTP, and more. Regardless of which factors are being used (passwords, soft tokens, hard tokens, etc.), MFKDF-based wallets still operate more like classic soft wallets (just with a much better UX!), than like hardware-based wallets.
Of course, one passkey alone would be scary to use for a cryptocurrency wallet, because the loss of a single device could cause a total loss of funds. However, with passkey factors in MFKDF2, passkeys can be used together with threshold key derivation or policy-based key derivation to combine multiple passkey options, or different types of authentication factors, into one key derivation policy, creating custom pathways for account recovery if some of the factors are lost.
Our goal with MFKDF2 is not to tell Zcash users or wallet developers which factors to use or how to combine them into a policy. Rather, we aim to provide a flexible, general-purpose primitive that supports a wide variety of popular authentication factors and allows users to combine them into a cryptographically-enforced key derivation policy in whichever way is best for them. Our 5th milestone is specificially focused on working with Zcash wallet devs to make sure that option is available to users soon. Hope that helps!