But how much more convenient is it really? Filling out the login form with Bitwarden is a single hotkey: Ctrl+Alt+L. That's such a light burden that I'm having a hard time seeing the value proposition for users who are already on a password manager.
I can totally see the value for companies who serve users that don't use password managers—if you can get those people onto passkeys that's a clear security win.
My passwords are bound to a domain and Bitwarden will refuse to autofill if the domain doesn't match. I can copy the password manually if I care to, but that's true in every passkey implementation that I've seen as well: they're never the only login option, you can always log in with a password too.
I don’t understand what you mean, sorry. If you are manually copying a password, then you are not using passkeys? There is nothing to copy/accidentally leak with passkeys.
I guess it will be a while before passkeys are the _only_ option that websites accept
I'm saying that as long as websites use the username/password model alongside passkeys with no way to turn off the former, you're just as at risk of phishing with passkeys as I am with domain-bound autofill.
Either one of us would have to choose to manually copy our logins into a phishing form in order to get phished.