How to approach passkeys / Should I replace my TOTPs with passkey?

I want to keep my passwords and MFAs separate, first and foremost, so that I don’t get completely compromised.

I have TOTP set up on my accounts, but I recently found that passkeys are apparently more secure [1] [2] than TOTP. Should I switch my primary accounts from TOTP to passkeys (or keep both of them enabled)?

To do this, I was thinking of using Bitwarden to store passwords, Proton Pass to store passkeys, and Ente Auth (no 2fa) to secure these two, with its password and recovery codes (salted) stored in Standard Notes (no 2fa). Can this work?

I don’t want to add 2fa to SN and Ente in particular, as I don’t want to get locked out in case something happens to the device. A hardware security key could be a solution, but I don’t want to get into it just yet.

I don’t completely understand passkeys, so apologies for my perhaps novice questions.


Yeah basically passkeys are more secure so you can go ahead and replace your TOTP. If you sync your passkeys up in your password manager you shouldn’t have to worry about getting locked out.

Your setup seems a bit overcomplicated; is there any reason you’re using separate password managers for passwords and passkeys?

Besides not putting all eggs in one basket, it puts me at ease to have things a bit compartmentalized, even if it feels overly complicated or downright unnecessary.

It will probably mess with your workflow, but if it works for you there’s nothing wrong with it.

Don’t forget to export your vaults regularly.


Thanks, will do that