you start a process by pressing the button and authenticate via having the device and using your os account biometrics/passcode
then your pass manager signs a challenge with the passkey proving that you come from a trusted device (you are logged in to your pass manager) where you are the os account owner
you start a process by pressing the button and authenticate via having the device and using your os account biometrics/passcode
then your pass manager signs a challenge with the passkey proving that you come from a trusted device (you are logged in to your pass manager) where you are the os account owner