The analogy is similar to swiping your credit card versus using Apple Pay. With “login using Google/Apple”, you are submitting the username and password which could potentially be harvested by malware or a key logger. With passkey/Apple Pay, you are submitting a one time token that has no value in the Dark Web.