Passkey is some sort of specific unique key to a device allowing to use a pin on a device instead of the password. But which won’t work on another device.
Now I don’t know if that key can be stolen or not, or if it’s really more secure or not, as people have really unsecure pins.
The credential needs to be set as discoverable and some other stuff to work for passwordless login (the token must store site specific data)
You would need to reregister it as passwordless to not just use it as 2FA after having entered a password (meanwhile standard 2FA with webauthn don’t store anything on the token, the website sends encrypted credentials to the token which only the token can decrypt and then authenticate with)