It replaces passwords with a cryptographic key. When you register at a website, you do not put in a password; instead it generates a key-pair, kinda like you would have with ssh auth. Usually to log in you use biometrics, which will unlock the keys on your device. The advantage is that they are phishing resistant (the keys are bound to a specific domain), convenient, and if the database of the website is leaked, it doesn't matter since they can only store your public key, which is worthless for authentication.
A lot of the bigger players like Microsoft, Google and Apple support it. For small sites it's a lot rarer. The keys are stored on device, but can be synced in a variety of ways, often using the cloud. There are problems with vendor lock-in because of that, even though passkeys are an open standard by themselves. Generally nothing is stopping you from copying/syncing them yourself.
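The domain binding and public-key-only storage described in the comments above, as an added example that is not part of the original comments: a simplified model of the server-side check a site performs at passkey login (real WebAuthn also carries flags, a counter and attestation, omitted here). The function names, `example.com` and the look-alike origin are constructed for illustration.

```javascript
// Simplified model of a passkey (WebAuthn-style) login check. Added example, not a full implementation.
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Registration: the device creates a key pair for one site (rpId).
// The site's database only ever receives the public key.
function register(rpId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    authenticator: { rpId, privateKey }, // stays on the user's device
    serverRecord: { rpId, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) },
  };
}

// Login, device side: the browser (not the page) records the origin it is really on,
// and the signature covers that origin together with the server's challenge.
function signAssertion(authenticator, challenge, browserOrigin) {
  const clientData = Buffer.from(JSON.stringify({ challenge, origin: browserOrigin }));
  const rpIdHash = sha256(authenticator.rpId);
  const signed = Buffer.concat([rpIdHash, sha256(clientData)]);
  return { clientData, rpIdHash, signature: crypto.sign('sha256', signed, authenticator.privateKey) };
}

// Login, server side: every check must pass before the user is authenticated.
function verifyAssertion(serverRecord, expectedChallenge, expectedOrigin, assertion) {
  const clientData = JSON.parse(assertion.clientData.toString());
  if (clientData.challenge !== expectedChallenge) return 'bad challenge'; // stale or replayed
  if (clientData.origin !== expectedOrigin) return 'wrong origin';       // produced on another site
  if (!assertion.rpIdHash.equals(sha256(serverRecord.rpId))) return 'wrong rpId';
  const signed = Buffer.concat([assertion.rpIdHash, sha256(assertion.clientData)]);
  const ok = crypto.verify('sha256', signed, serverRecord.publicKeyPem, assertion.signature);
  return ok ? 'ok' : 'bad signature';
}

function demo() {
  const origin = 'https://example.com'; // constructed sample site
  const { authenticator, serverRecord } = register('example.com');
  const challenge = crypto.randomBytes(16).toString('hex');
  const check = (a, c = challenge) => verifyAssertion(serverRecord, c, origin, a);
  const good = signAssertion(authenticator, challenge, origin);
  // Same device, but the browser was on a look-alike origin (constructed name).
  const lookalike = signAssertion(authenticator, challenge, 'https://example-login.test');
  // Someone holding only the leaked serverRecord has no matching private key.
  const otherKey = signAssertion(register('example.com').authenticator, challenge, origin);
  return { good: check(good), lookalike: check(lookalike),
           otherKey: check(otherKey), replay: check(good, 'a-later-challenge') };
}
console.log(demo());
```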