In practice, they either use system authentication if you use the implementation bundled with iOS/Android - and sure, that can be Face ID if setup, or other forms of biometric authentication. Both operating systems have APIs that allow password managers to provide their own implementation of passkeys, and in that case you have to authenticate with your password manager - sure most of them support using system authentication (biometrics) as well, but this could also be a master password or hardware key (which work very similar to passkeys by the way).
I’d argue if you don’t assume that whatever system you’re using is reasonably secure/private, you probably shouldn’t enter any passwords on that system either. This isn’t a passkeys vs. passwords problem.
In practice, they either use system authentication if you use the implementation bundled with iOS/Android - and sure, that can be Face ID if setup, or other forms of biometric authentication. Both operating systems have APIs that allow password managers to provide their own implementation of passkeys, and in that case you have to authenticate with your password manager - sure most of them support using system authentication (biometrics) as well, but this could also be a master password or hardware key (which work very similar to passkeys by the way).
I’d argue if you don’t assume that whatever system you’re using is reasonably secure/private, you probably shouldn’t enter any passwords on that system either. This isn’t a passkeys vs. passwords problem.