by jameswestgate 1156 days ago
WebAuthn to either a hardware key protected by a PIN, or to a passkey protected by a biometric. Both definitely qualify as 2FA.

But there is no password, so we are back to 1FA, with Passkey being the single factor.

This is similar to using a password manager, with the exception that malware cannot steal your keys ... however, if it's able to steal passwords from a password manager, there is a good chance that malware can also access your browser's cookies.

It is still 2FA. Something you have (passkey on a device) and something you are (LIDAR map of your face and pulse).