They could, but that’s scary. Imagine someone finds your bracelet and uses it to log into your 401k and transfer out your funds. The point of passwordless is the device is now ALL that is needed to access everything. You don’t even need to know who they are. The device is like a username+password+2fa all rolled into one.
Any passwordless device must be highly secured, which raises the whole issue of adoption. Phones are not highly secure, Level 3 security keys are, like yubikey.
Scary thing about the whole security key market is nearly all of the yubikey competitors are not Level 3, which means they devices can be hacked. Looking at your nitrokey. Yay, it’s open source and updatable. Ohh, that also means someone can reprogram it to leak your data. Level 1 is what something like your operating system can offer, which is all nitrokey is. One compromise away from losing everything.