Passkeys are basically client certs for website logins.
Server stores a public key, encrypts a challenge on login attempt. Client browser uses private key to decrypt challenge (and sign it maybe?) and respond to web server to authenticate.
Hackers can’t get a shared secret (like a password or password hash) by hacking the website’s database becaus the public key is all they store; useless without the private key.
Not foolproof, but much harder to exploit than passwords - which many people re-use across multiple sites.
FPGAs would be considered “hardware emulation” but a lot of people don’t like that term, and think emulation should be a term limited to software.
Like, there aren’t real N64 chips in there. The hardware IS emulating an N64 - it’s just not doing so in a way that’s comparable with software emulation at all.