Post-Quantum Security Enhancements for WebAuthn and FIDO2 Protocols

Hirenkumar Patel

Abstract

Advancements in quantum computing create substantial risks for classical cryptographic systems, particularly RSA and Elliptic-Curve Cryptography, that underpin FIDO2 and WebAuthn authentication protocols. Shor's algorithm can compromise these systems by extracting private keys from their public counterparts when sufficiently powerful quantum computers exist. Passwordless authentication has grown increasingly prevalent, with FIDO2 and WebAuthn serving as core trust elements within digital identity architectures. Quantum-enabled attackers present serious challenges to both credential security and attestation validation processes. Organizations must adopt post-quantum cryptographic methods proactively to sustain authentication integrity while maintaining existing trust structures. The harvest-now-decrypt-later paradigm presents urgent risks where malicious entities intercept and store authentication traffic for future decryption upon quantum computer maturation. FIDO2 credentials embedded within authenticators or bound to user devices maintain long lifespans, often synchronized across cloud ecosystems as passkeys, creating extended vulnerability windows. Post-quantum migration represents both cryptographic enhancement and essential lifecycle management spanning authenticators, browsers, servers, and attestation authorities. This framework proposes a crypto-agile hybrid WebAuthn architecture integrating classical and post-quantum algorithms. Embedding ML-DSA for digital signatures and ML-KEM for key encapsulation within WebAuthn registration and authentication flows enables progressive credential rotation without disrupting trust chains. The architecture aligns with CBOR Object Signing and Encryption identifiers and emerging IETF post-quantum WebAuthn specifications, ensuring standards compliance.
