by jeroenhd
929 days ago
There are two names that the end user should see today (WebAuthn for older apps, Passkey for modern stuff). U2F is a pretty old name that may still pop up, but I'm not sure if any user-facing software ever used that name to begin with. Most likely, the names facing the user are "security key" or "passkey".

FIDO2 is a standard set up by a couple of authentication companies and stakeholders. U2F was basically an earlier attempt at that. FIDO UAF is a protocol for authenticating, CTAP is a protocol for communicating with hardware. 2FA is just a generic term for "multiple factors", like combining a PIN with your fingerprint. WebAuthn is the web API for authenticating with security keys.

Most of them do indeed come down to public key cryptography. The challenge is providing a public key API that works across hardware vendors, supports attestation, and allows for things like "use your phone to verify your login if your computer's TPM isn't sufficient". They all solve a different problem in the chain, and the names have changed a bit over the decades.

If you're building software now, use the word "passkeys". Apple and Google have stuck with those names, and they're named a lot friendlier than "WebAuthn".