A passkey created for paypal.com will not work on a look-alike phishing site like paypa1.com. What enforces this, and why does it make passkeys phishing-resistant?
Each passkey is bound to the exact domain (origin) it was created for; the browser/OS will only offer it to that domain, so a look-alike site simply cannot trigger the real credential.
The c't article uses the paypa1.com example: the website's domain is baked into the credential at creation. When you later land on a different domain, the system won't release the paypal.com passkey — at most you could create a brand-new, useless passkey for the fake domain.
This is the same origin-binding seen in the WebAuthn rp (relying party) field. The crucial point is that the software enforces it, not the user: even a victim fooled by a convincing phishing mail cannot hand over a working credential, because there is no shared secret to type and the wrong domain won't match.
Tip: Phishing-resistance here is structural, not awareness-based. That's why it survives human error in a way "don't click suspicious links" training never can.