Hacker News

nine_k, yesterday at 6:36 PM

Passkeys seem to be the best solution for users whose technical chops cannot be trusted, and who are also gullible enough to be a scam / social engineering target. Which, to my mind, describes a large enough chunk of the audience of most popular services.

A tech-savvy relative of such a user should help them generate rescue codes, write them on a piece of paper, and store them along with all other important documents. Ideally the paper should also read: "Call me before using any of these codes! <phone number>."


Replies

calvinmorrison, yesterday at 6:44 PM

it's just a further step in the whittling away of browsers being a "user client".

a key based approach is great. Knowing (the passphrase) and Having (the key) is a good way to authenticate.
