IMO: you should have at at least two options to get into a break glass account. If you were able able to remove the password requirement and relied only on the FIDO key, you put yourself at risk in the event that key is not available.
Truly passwordless break-glass account
Barry Jordan
21
Reputation points
Currently setting up a break glass account and I'm researching if there is a way to remove a password or the option to use one from an account in Entra Id, similar to what can be done with a consumer Microsoft account. This is in an effort to go completely passwordless using a fido2 key (passkey) and not be presented an option to login with a password if I cancel the passkey login attempt. Of course, using a conditional access policy to apply an authentication strength for this type of account is not desired nor recommended.