Options to allow PRF Passkeys to authorize actions and account/security changes protected by Master Password

You don’t need a PRF credential to perform a master password change. The client already has the account symmetric key (“userkey”) loaded in memory. A password change without key rotation merely replaces stretchedMasterKey(UserKey) with stretchedMasterKeyNew(UserKey), and updates the authentication hash. Both can be derived from the new master password alone. Even a password change with key rotation does not need a PRF-login-passkey; it’s a bit more complicated here, but all required keys are already in memory when you have an unlocked vault.

The only thing that the old master password is used for is as an authentication factor for protecting sensitive account actions. It is not required in the cryptographic changes happening during a password change or key rotation. As micah points out, this can be replaced with email OTP, or (any) passkey.

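As an added illustration of the argument in the post above (example code, not Bitwarden’s own implementation): the user key stays the same across a password change without rotation; only its wrapping and the auth hash are rebuilt from the new password. The PBKDF2 and HKDF parameters and the toy HMAC-based wrap are simplifying assumptions.

```python
import hashlib
import hmac
import os

# Simplified model of the key envelope described in the post (added example,
# not Bitwarden's code): a random per-account user key is wrapped under a key
# stretched from the master password, and the server only stores the auth hash.
# The wrap below (HMAC keystream + HMAC tag) is a constructed stand-in for
# real authenticated encryption.

def master_key(password: bytes, email: bytes, iterations: int = 100_000) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password, email, iterations, 32)

def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    # HKDF-Expand (RFC 5869) with SHA-256; used to stretch the master key
    out, block = b"", b""
    for i in range(1, (length + 31) // 32 + 1):
        block = hmac.new(prk, block + info + bytes([i]), "sha256").digest()
        out += block
    return out[:length]

def stretched_keys(mk: bytes):
    return hkdf_expand(mk, b"enc"), hkdf_expand(mk, b"mac")

def auth_hash(mk: bytes, password: bytes) -> bytes:
    # What the client sends to the server at login; it unwraps nothing
    return hashlib.pbkdf2_hmac("sha256", mk, password, 1, 32)

def wrap(mk: bytes, user_key: bytes) -> bytes:
    enc_key, mac_key = stretched_keys(mk)
    iv = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(user_key, hkdf_expand(enc_key, iv, len(user_key))))
    return iv + ct + hmac.new(mac_key, iv + ct, "sha256").digest()

def unwrap(mk: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = stretched_keys(mk)
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, iv + ct, "sha256").digest()):
        raise ValueError("wrapped user key failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, hkdf_expand(enc_key, iv, len(ct))))

def change_master_password(email: bytes, old_pw: bytes, new_pw: bytes, wrapped: bytes):
    # No PRF/passkey material is needed: the user key is already unwrapped in
    # the client, so the change is a re-wrap plus a freshly derived auth hash.
    user_key = unwrap(master_key(old_pw, email), wrapped)
    new_mk = master_key(new_pw, email)
    return wrap(new_mk, user_key), auth_hash(new_mk, new_pw)
```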