What am I dependent on to access by stuff if I use a passkey? A smart phone?
this post was submitted on 11 Nov 2025
290 points (87.6% liked)
Technology
76799 readers
3656 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
No, you can store them in a password manager. That's what I do. Doesn't always work though. Sometimes my browser is prompted for the passkey instead, for reasons I don't understand.
But what do you do with your Passkey in your password manager if you have to login on another device (you don't own)?
load more comments
(1 replies)
I have a couple in my Bitwarden (Vaultwarden)
But I already have issues with Android trying to force me to use the system Passkey provider, and companies like Apple only supporting their own device's built in manager for Apple accounts.
Ok I see a lot if discussion on this topic but no one seems to have mentioned the main feature of the spec that makes them phishing resistant: presence detection. This is what makes FIDO resistant to credential replay. The spec is not perfect but it prevents most common phishing attacks.
Thanks for the great article! I had a question re: the top disadvantage you mention (lock-in).
Background: Although the on-device integration for Apple, Google, etc. use their cloud for E2E sync between devices, it appears KeePassXC using their passkey interception, discovery, and import procedures accomplish the same cross-device passkey implementation without needing a particular vendor cloud lock-in. As best I can tell, this meets the original standard’s sync fabric requirements (whether or not the big providers like it) and relies on platform-specific APIs mostly for interoperability.
Question: If KeePass has been able to implement their own sync this way, and the FIDO standard accommodates non-OS providers (e.g. browsers or PW managers), what is currently the biggest technical hurdle remaining for FOSS-based passkey providers?
Thank you... and Yes you are right... There could be many reasons like greed or could be risk management if you think from both ends of spectrum. It's sad actually they are developed on the same FIDO2 but insists on being seperate which is weird.... Also they feel that regular user wouldn't be able to set up FOSS passkey provider or may be they lose control over encryption if they share with third party.
Yeah the counter-interoperability of proprietary expansions on FIDO standards sounds a lot like embrace extend extinguish to me. I know engineering standards generally require field revisions but these big corps have a track record of this behavior.
I can see how the FIDO standard’s dID requirement might be an issue at the org level, but even in the case of a fully custom/unknown rooted device they have provisions for using traditional security keys attached to one or more associated devices via USB/BT/NFC. Megacorp platforms might be first to facilitate adoption but the spec absolutely accommodates open provider integration.
I need to experiment with personal security passkey registration and authentication workflows to know how difficult it actually is in practice, but it looks like the equivalent of self-signed certificates are possible anywhere the user controls the stack like self-hosted intranetwork suites that are popular around here.
Thanks again for the write up!