[jamesboehmer]

It may partially be because of vendor lock-in, but I think the real reason is security. For example with Apple's Secure Enclave hardware, you give secret-generation responsibility to this chip, and can never see the value. I use it for SSH private keys, which are meant to be disposable/changeable. As much as I want to own and control all my data, I personally think this is pretty good footgun protection, and I'm ok with being unable to export my passkeys from 1password (and for the record, 1password does not prohibit TOTP exports).

[trollbridge]

If the private key is actually stored in an unbeatable enclave, then fine. Apple’s implementation puts them in your iCloud account, which whilst it is overall locked via the Secure Enclave, the passkeys are most certainly not.

I don’t have a need for a level of security where exporting my private key to, say, Best Buy is impossible.