I think passkeys can be used just like biometric authentication is used in mobile apps right now: you sign in just like you usually do (e. g. username + password + TOTP or something), then on subsequent visits you can skip that and go through passkeys instead. New device? Just sign in with a password again.