I find this argument a bit problematic. Just because software like @Team KeePassXC gives users control and choice over their passkeys, which Apple / Google / ... currently don't, doesn't mean they are irresponsible. From what I can tell KeePassXC devs were not involved in the discussions around transfer of passkeys.

Big tech wanted to get passkeys into user hands, which is a great thing, as are passkeys in general. But the statement that it is somewhat of a lock-in situation currently is not false.

And finger-pointing at software that does give users the option to transfer passkeys at their desire is not helping I think. Especially when that aspect has not yet been standardized.

If transfer can happen in encrypted form, that is clearly preferable. You filed https://github.com/keepassxreboot/keepassxc/issues/10407 which is a good thing. The discussion shows however, that the way the debate was going on so far was not ideal.

#passkeys #security #passwordless

[Passkeys] should never be exported in clear text · Issue #10407 · keepassxreboot/keepassxc

Overview Passkeys should never be allowed to be exported in clear text. There is significant work going on across the industry on a secure migration protocol for credentials like passkeys. Please c...

^GitHub