A passkey is some sort of specific unique key tied to a device, allowing you to use a PIN on that device instead of the password, but which won’t work on another device.
Now I don’t know if that key can be stolen or not, or if it’s really more secure or not, as people have really insecure PINs.
HTTPS is definitely not a major reason the web turned corporate. It has its problems for sure though.
Look at Gemini if you want an example of a decent web ecosystem that has HTTPS as a requirement for the protocol.
Gemini benefits from two things that the web has lost: