diff --git a/selfservice/strategy/passkey/passkey_registration_test.go b/selfservice/strategy/passkey/passkey_registration_test.go
index a6ab50b29b61..1a4759dfa09e 100644
--- a/selfservice/strategy/passkey/passkey_registration_test.go
+++ b/selfservice/strategy/passkey/passkey_registration_test.go
@@ -297,6 +297,7 @@ func TestRegistration(t *testing.T) {
 
 					i, _, err := fix.reg.PrivilegedIdentityPool().FindByCredentialsIdentifier(fix.ctx, identity.CredentialsTypePasskey, userID)
 					require.NoError(t, err)
+					assert.Equal(t, "aal1", i.AvailableAAL.String)
 					assert.Equal(t, email, gjson.GetBytes(i.Traits, "username").String(), "%s", actual)
 				})
 			}
diff --git a/selfservice/strategy/passkey/passkey_strategy.go b/selfservice/strategy/passkey/passkey_strategy.go
index dbf550d352ff..b590a7e93b6d 100644
--- a/selfservice/strategy/passkey/passkey_strategy.go
+++ b/selfservice/strategy/passkey/passkey_strategy.go
@@ -96,7 +96,7 @@ func (s *Strategy) CompletedAuthenticationMethod(context.Context, session.Authen
 }
 
 func (s *Strategy) CountActiveMultiFactorCredentials(cc map[identity.CredentialsType]identity.Credentials) (count int, err error) {
-	return s.countCredentials(cc)
+	return 0, nil
 }
 
 func (s *Strategy) CountActiveFirstFactorCredentials(cc map[identity.CredentialsType]identity.Credentials) (count int, err error) {
diff --git a/test/e2e/profiles/passkey/.kratos.yml b/test/e2e/profiles/passkey/.kratos.yml
index cbe13e07ef1e..85441f599e1b 100644
--- a/test/e2e/profiles/passkey/.kratos.yml
+++ b/test/e2e/profiles/passkey/.kratos.yml
@@ -3,7 +3,7 @@ selfservice:
     settings:
       ui_url: http://localhost:4455/settings
       privileged_session_max_age: 5m
-      required_aal: aal1
+      required_aal: highest_available
 
     logout:
       after:
@@ -52,4 +52,4 @@ identity:
 
 session:
   whoami:
-    required_aal: aal1
+    required_aal: highest_available