When I set up a passkey for an admin user (backend) I can still login with the account password. Correct? I would expect setting up a safer password mechanism like passkey would disable the use of a less safe account password. But maybe I am wrong about that?

When a use logs in and Joomla detects a passkey is set up, maybe there needs the login needs to be blocked and the user should be asked for the passkey?