[aeontech]

I might not understand the tech as well as you do, but does BitWarden have rights to read 1Password vault, or 1Password have rights to read the Lastpass vault?

Generally I thought with passkeys, the logic is that you provision one passkey per app you want to have access to a service?

Ie, I can provision a separate passkey for GitHub, for instance, both in 1Password, and in Keychain if I like, and sign in to the service with either one?

Or am I missing something?

[stouset]

You aren’t missing anything. This is exactly what you do, and it’s not even hard.

[cyberax]

BitWarden technically can read the 1Password vault on macOS, though not on iOS. Unless 1Password developer agrees to the collaboration. This is kinda expected, given the crazy locked-down iOS.

However, Apple does not provide entitlements to read iCloud Keychain even on macOS: https://developer.apple.com/documentation/bundleresources/en...

I don't believe there are easy legitimate ways to work around it. Disabling SIP (System Integrity Protection) will render passkeys inaccessible, though I'm not sure about that.

> Generally I thought with passkeys, the logic is that you provision one passkey per app you want to have access to a service?

Passkey is basically a private key that is specific for a given site. Nothing more, nothing less. So you will have separate passkeys for Hacker News, Slashdot, Reddit, eBay, etc. They will be stored in iCloud Keychain and synchronized across devices.

Apple is not going to provide easy ways to bulk-export all this data if you want to migrate to Windows. Or maybe even to switch a browser.

If you use an alternative password manager like BitWarden, your ability to export passkeys will depend on its implementation.