>But even with Apple, I can't sync stuff between my personal and work computer because they use different Apple IDs
You can't save your personal passkeys on your work phone and vice versa, but when logging in to a service on one device, you should be able use a passkey from the other device via Bluetooth by scanning a QR code.
An added challenge: Yubikey NFC doesn't work on iPad, only iPhone. USB operation also seems fraught. This has been so for 7+ years now. If Apple cannot get this to work with a closed ecosystem and the leading vendor, I think the technology is just not ready for mainstream.
Apple is actually doing a lot of work (largely) in the background with every OS update.
I was recently pleasantly surprised to be able to use my smartcard form factor FIDO authenticator on macOS using a CCID USB smartcard reader. Not exactly ergonomic on a laptop, but totally viable on a desktop or docking station setup with a permanently plugged in reader. Sometimes I really do miss that contactless card reader option that some Thinkpads offered...
I think they added better hardware key support at an OS level a little over two years ago. They needed all the web authn stuff for passkeys anyways, so I bet it was a necessity prerequisite.
I just got the new M4 iPad like two months ago, and my YubiKeys absolutely did not work, no matter what I tried. There are articles on apple.com and yubikey.com that explain that USB-C YubiKeys will not work with USB-C iPads because Apple's USB-C implementation isn't sending the timing info (or something like that) that the YubiKey needs to function. People were buying Lightening YubiKey and connecting them to Apple's Lightening to USB-C "camera adapter" to work around this.
I decided to double-check my YubiKeys before I responded to your post and (!!!) they work now! This is huge!
If anything, this achieves the opposite of making sure I always have mine on me.
Dedicated, external hardware authenticators are great for logging in to very high value accounts or password managers, but arguably they're not really viable for 99% of users and use cases on a day-to-day basis.
I don't agree at all. It's on my keychain, next to my keys, a nice symmetry. When I need to login I hold it to the back of my phone for half a second. It's incredibly easy and would be even easier if it weren't for the UX presented by iOS, Android, and Windows where they try to be the provider. Android has gotten a bit better. Windows is the worst about it afaict.
I don't like having to fetch my keys when I'm at home at all, which is where I do most of my authentications. I'd have to get up, walk to where I usually keep them, walk to my computer with them to authenticate, and then either walk back or forget the keys somewhere in the house and have to search for them when leaving (or detach the authenticator from the keychain and then not have it on me when I'm leaving).
That's why I don't like using USB authenticators on a regular basis.
It’s recommended to have at least two anyway, to still have access to your accounts in case one is lost. That means you can keep one key at your desktop and you’d only need to go up to get your keys when adding them to an account.
Having two in the same house is a pretty bad compromise. Ideally you'll want one of them to be physically somewhat distant (in case of a fire etc.), which makes things even less ergonomic.
You can't save your personal passkeys on your work phone and vice versa, but when logging in to a service on one device, you should be able use a passkey from the other device via Bluetooth by scanning a QR code.