[throwaway31338]

Until the passkey workflow goes sideways for "tech" people I don't think the risks will be acknowledged (if then even).

Those of us who don't want the let Google, Apple, or Microsoft manage our passkeys (i.e. pledging our fealty to our lords) will be seen as fringe lunatics.

I'll keep my workflow of always visiting sites by typing the URL myself, using a password manager, and TOTP 2FA w/ the secrets saved offline on paper. At least until I'm not allowed to do that anymore.

[Nathanba]

Same here, I don't like passkeys for many reasons. Another reason is that I can't see the key that I'm using. Therefore: What if Bitwarden doesn't pick up the passkey? Tough luck, I'm out of options. I cannot manually create a passkey entry in Bitwarden because it's all hidden magic. If I notice that the password manager doesn't pick up a registration then I just add it myself. Not possible with passkeys.

[reddec]

Luckily Bitwarden supports passkeys. And you can self host it. And even vaultwarden/bitwarden-rs supports passkeys