Modern Security Keys can be used for logging into services without username and password. The user experience then just involves clicking a login button and pressing the Security Key. It frees the user from having to remember username/password combinations. Furthermore, it makes server-side storage and validation of passwords obsolete.
A PIN code can provide an additional protection in case the Security Key gets lost. In contrast to a password, it can be as short as some digits since Security Keys lock after eight failed attempts. Alternatively, some Security Keys provide biometric capabilities instead of PINs.
We are working on our SDK to bring passwordless FIDO authentication to Android that works with security keys over NFC and USB.
Passwordless login is supported by modern FIDO2 Security Keys, such as the YubiKeys 5 series as well as Solokeys. Security Keys can be directly connected over USB-C and NFC. USB-A keys require an additional USB OTG cable.