Passwords have problems, but less than putting all authentication secrets in a single basket or ecosystem is (which is what big tech fundamentally wants).
Passkeys are a solution to a manufactured problem, and keeps getting pushed because it is a useful big tech honey trap that solidifies their user's captivity in their ecosystems.
KeePassXC has support. Many people use Vaultwarden. And so on.
Also, end users are already locked into Chrome and Safari (and Meta's webview and even worse fates).
Passkeys right now has upsides and downsides, like all technology.
I think they are both too complex/clunky on the data/spec/API side, and not complex enough on the UX/lifecycle side. But likely both will evolve based on the usage patterns that get solidified.
It doesn’t matter if other authenticators could work if a relying party refuses to allow its users to use them.
> Also, end users are already locked into Chrome and Safari …
Not this end user; I am typing this in Firefox right now. Not coincidentally, WebAuthn is yet another bit of complexity making it slightly more difficult to implement a browser. From the perspective of the big tech companies, end users aren’t expected to write software, or to run anything the big tech companies haven vetted.
You keep repeating that, but that's not possible anymore, since both Apple and Google removed attestation from their respective passkey/WebAuthN implementations.
For details, see >>42522490 .