You use some method of authentication, of course. How do you keep someone who has your unlocked password manager from using it? You just make sure nobody is ever in that situation.
The big win is that, with WebAuthn, you don't need to also hide your authentication from site operators, your OS, key loggers, phishers, etc etc.
Thanks. Like you said, this is safer, even if a password remains somewhere in the chain, like a master password for your computer. An advantage is that websites are not storing passwords (hashed or otherwise, because it's hard to do well).
I use a Yubikey, so there's no password for me (just a PIN that wipes the key if it's entered incorrectly a few times). You can also use a fingerprint scanner, face ID, etc.
The big win is that, with WebAuthn, you don't need to also hide your authentication from site operators, your OS, key loggers, phishers, etc etc.