Hacker News

Spooky23, 05/15/2025

Yes. Passkeys help with the bad password problem. That’s a big deal but doesn’t magically solve everything.

To address other security risks more comprehensively, you need to have a tight issuance process and use something key-based in hardware. I’m working on a project where we deploy YubiKeys or similar, with an audit trail of which is used by whom.

High-trust environments need things like enterprise attestation and a solid issuance process to meet the control needs. Back in the day, the NIST standards required a chain-of-custody log of the token - you could only use in-person delivery or registered mail to send them.

That’s overkill, but the point is the technology is only one part of the solution for these problems.