From Wikipedia
Google urges passkeys with non‑SMS two‑factor authentication to blunt targeted phishing.