Passkeys can also be used in addition to passwords, as a form of 2FA. I've seen a number of sites approach Passkeys in this manner.

Or if you really wanted to, you could flip it. You can allow the Passkey to be the "password" and an actual password the second-factor for the user.