by jeroenhd 176 days ago
I don't think this is a security vs usability thing. A lot of UIs are intentionally confusing.

Apple wants you to use iCloud passkeys, Microsoft wants you to use Microsoft Account passkeys, Google wants you to use Google passkeys. Even if you have a dedicated USB device plugged in, browsers keep defaulting to the cloud accounts.

Bitwarden's approach is to simply hijack the passkey request before the browser can respond and throw itself front and center. It's a terrible hack but it works on every browser at the very least.

If these companies cared about their users more than they cared about throwing up walled gardens, they wouldn't put a USB key behind "Choose another method" -> "Dedicated device" -> "Security key" -> "Confirm" while offering one-click login with their cloud account. And they would offer a proper API for third party applications to integrate into the native passkey storage.

4 comments

Yeah, the passkey provider management is absolutely horrendous and is the biggest blocker to passkey adoption in my eyes. I have 3 different sources (iCloud Keychain, YubiKey, and Enpass) and in the best case it's some extra clicks like you mention; in the worst case it just simply won't let me select the correct provider.

I've resigned myself to registering a passkey into all of my providers and just letting the most platform-native option win for now.

Apple does have an API to allow third parties to be used to store passwords and passkeys and they show up during the standard flow from a browser.
I remember once I was working for a big tech company and we had Windows computers. I tried to use Hello so I could log in with my fingerprint. It broke Outlook for some reason. So I switched to a YubiKey since they were offering.

Every login was the same: fails -> try again or try different method -> list of methods (including "security key") -> ok -> tap security key -> ok

It would not let me set the key as the default and there were two unnecessary clicks. The box literally only had a single button (besides the standard x on the window)! It was absolutely infuriating.

I'm with you. I don't believe these companies are actually trying to create the best solutions. And you can absolutely see that when you try to move from one ecosystem to another.

Look at my problem again and now consider had I been using my iCloud key and wanted to log in from my Linux machine. It literally wouldn't be possible!

If your desktop browser has Bluetooth access you can scan a barcode with an iPhone.
This is the problem when UX guidelines are not part of the standard.