The idea is that the key never, EVER leave the hardware or password manager. What you do is have multiple Passkeys on separate devices per account.

Kind of like how you should generate SSH private keys on the local machine and never leave this particular system, and you then add their public keys to the server you will connect to. You can them revoke access to each machine independently.