
It's already in there and ready to be used. I wrote a small IDP/authenticating proxy that uses it, and I can now log in to my stuff with FaceID. Or you can hold your old-school Yubikey up to the phone (that you enrolled on your workstation!) and use that instead. It is all very seamless.

There is absolutely no reason to have passwords anymore. You can't phish WebAuthn. It's built into every modern phone and PC. (There is some concern about it being easier to lose access to your account, but account recovery already exists for the three remaining people that don't use a password manager, and forget their passwords. If you're implementing it, do let users add multiple tokens, though. That way they can have a backup and easily enroll new devices.)
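The two points in the comment above, phishing resistance and several tokens per account, shown as the relying-party checks made on `clientDataJSON` at login. This is an added example, not the commenter's code or the proxy it mentions; the origin, user name and credential ids are constructed, and signature verification over the authenticator data is assumed to happen separately.

```javascript
// Added example: relying-party checks, not code from the comment above.
// EXPECTED_ORIGIN, the user name and the credential ids are constructed values.
const EXPECTED_ORIGIN = "https://login.example.com";

// One account maps to many credentials, so a backup key can be enrolled.
const credentialsByUser = new Map();

function enroll(user, credentialId, label) {
  const list = credentialsByUser.get(user) || [];
  if (list.some((c) => c.id === credentialId)) return false; // already enrolled
  list.push({ id: credentialId, label });
  credentialsByUser.set(user, list);
  return true;
}

// allowCredentials for navigator.credentials.get(): every enrolled token is accepted.
function allowCredentials(user) {
  return (credentialsByUser.get(user) || []).map((c) => ({ type: "public-key", id: c.id }));
}

function b64urlToString(s) {
  return Buffer.from(s.replace(/-/g, "+").replace(/_/g, "/"), "base64").toString("utf8");
}

// Checks on clientDataJSON; the signature check (assumed done elsewhere) covers its hash.
function checkAssertion(user, credentialId, clientDataB64, expectedChallenge) {
  const known = (credentialsByUser.get(user) || []).find((c) => c.id === credentialId);
  if (!known) return { ok: false, reason: "unknown credential" };
  let cd;
  try { cd = JSON.parse(b64urlToString(clientDataB64)); }
  catch (e) { return { ok: false, reason: "malformed clientDataJSON" }; }
  if (cd.type !== "webauthn.get") return { ok: false, reason: "wrong type" };
  if (cd.challenge !== expectedChallenge) return { ok: false, reason: "challenge mismatch" };
  // The browser, not the page, writes the origin, so a look-alike site shows up here.
  if (cd.origin !== EXPECTED_ORIGIN) return { ok: false, reason: "origin mismatch" };
  return { ok: true, label: known.label };
}

// Constructed clientDataJSON, shaped as a browser would produce it for a given origin.
function clientData(origin, challenge) {
  const json = JSON.stringify({ type: "webauthn.get", challenge, origin });
  return Buffer.from(json, "utf8").toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

enroll("alice", "cred-phone", "phone platform authenticator");
enroll("alice", "cred-yubikey", "backup security key");
console.log(checkAssertion("alice", "cred-yubikey", clientData(EXPECTED_ORIGIN, "c1"), "c1"));
console.log(checkAssertion("alice", "cred-phone", clientData("https://login-example.test", "c1"), "c1"));
```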


