by mikestew 781 days ago
The metaphor might be a bit esoteric, but that's similar to wishing that Hardware Security Modules (HSMs) allowed you to "get your <private keys>" out of the HSM. As sibling comment says, that's how you get phished. The whole point of an HSM (and a passkey) is that the super-secret private part never leaves the HSM no matter how nicely you ask and no matter how compromised the machine is.

A password manager, OTOH, is happy to hand out your private key ("password" in this case) to anyone that has access to it.

1 comments

Yes, but I don’t want vendor lock-in.

I want to move my passkeys where I want and use tools I want.

Not allowing any way of changing passkeys is terrible. Imagine someone switches from iOS to Android. How do they use their passkeys?

Even if they had a big “warning don’t do this” sign it would be better than not allowing it in any way.

It's a middle ground. You should be able to move passkeys from one vendor to another with some export process, but the secret key is not exposed when you use it, which reduces the risk of having it stolen.

> Not allowing any way of changing passkeys is terrible.

Who says you can't change your passkeys? Just log into the site with your existing passkey (or other 2FA) and change it.

Sure, I'll just log into all 500+ sites I have logins for and update them.