[nvme0n1p1]

If your computer is compromised, the attacker can just as easily read your email.

OTP can be used with a password.

[hdjrudni]

Uh huh? That's why I specifically said hardware key. Like a Yubikey. You can't digitally steal that.

[akimbostrawman]

That doesn't address anything. If your device is compromised they do not need your hardware key because they can just read all mails on device or steal login/session cookies for accounts and bypass authentication.

Passkey is still inferior to U2F + password anyways.