AlotOfReading a day ago

As an example, see this issue opened against keepassxc saying that if they continue allowing plaintext passkey export, they're at risk of being blocked once attestation is standardized:

https://github.com/keepassxreboot/keepassxc/issues/10407

The goal here isn't maximizing user choice, it's to enforce minimum agreeable standards by the major vendors. It's up to you whether your personal needs wholly align with what they want to mandate, forever.

Reply View 1 reply
  • skybrian 18 hours ago

    Yeah, I’m okay with that. It’s also true that not just anyone can become a domain registry either, but we still have choices.

    It’s less convenient, but you can always create a new passkey manually for an account.

    Reply View 0 replies
josephcsible a day ago

If that ends up letting attested passkeys be exported outside of the Microsoft/Apple/Google oligopoly, I'll eat my hat.

Reply View 1 reply
  • skybrian 18 hours ago

    Who uses attested passkeys? (Serious question.)

    Reply View 0 replies