ctietze, 
Listening to a #passwordless talk at a local meetup.
#YubiKey sounds like a cool thing to have for this for device-bound passkeys.
But:
How does YubiKey earn one’s trust?
With everything home-cooked one knows who’s responsible for damage. With 3rd party, you’re still to blame to trust the wrong company :/