You still need 2fa I think most passkey implementations incorporate multiple factors already. The session factor is considered distinct from the device factor, even if it’s all on the same device.

Which isn’t super different from the traditional USB key procedure, where a user would activate a FIDO biometric after clearing an SSO portal, or what have you.