by seanp2k2 3470 days ago
What makes it impossible for a phishing site to mimic the challenge?
2 comments

The challenge-response protocol is using asymmetric cryptography and is tied to the SSL session ID.

More explanations on why: https://security.stackexchange.com/questions/71316/how-secur...

And how: https://fidoalliance.org/specs/fido-u2f-v1.0-nfc-bt-amendmen...

That's the clever bit about FIDO. Part of what unlocks the private key for signing the challenge is something called AppId. AppId is automatically captured by your web browser (web origin standard) and passed along. So the authenticator only unlocks if you are on the correct website.

A further feature is that you can make the SSL tunnel ID part of this as well, which makes it even better.

This is how both UAF and U2F work.