
It is a very large and complex standard that further centralizes authentication in the hands of several megacorps. The previous OpenID attempt was a resounding success, and this is a logical continuation. Google and co want to know where you log in to serve you "better" ads. The countermeasure remains the same - create an isolated account on each new website/service you use.


But you can use FIDO without ever touching MS/Google. For example, Codeberg (code hosting based on some soft-fork of Gitea) supports this with local accounts.


What you are describing is Single Sign On, not WebAuthn/FIDO. Every site that I've used that has WebAuthn self-hosts it (GitHub, Twitter, Google, Microsoft, etc).



