jmsgwd | 2 months ago

> passkeys in Safari requires iCloud Keychain

This is not true - browsers including Safari support passkeys managed by third-party password managers.

I'm using 1Password with browser extensions for Safari and Chrome on macOS and iOS and it works seamlessly with my passkeys, which are not stored in iCloud Keychain.

> you're always locked in to one passkey vendor or another.

This will change: https://1password.com/blog/fido-alliance-import-export-passk...

lapcat|2 months ago

> This is not true - Safari also supports passkeys managed by third-party password managers.

I think you know what I meant and are just being pedantic here for no good reason.

Do you think I'm unaware of 1Password? I don't want to use 1Password any more than I want to use iCloud Keychain.

Technically, pedantically, Safari "supports" anything that third-party Safari extensions support. I'm a Safari extension developer myself. But this is totally different from how Safari supports the use of passwords, which is all built in, requires no third-party software, can be local-only, allows plaintext export/import, etc.

> This will change: https://1password.com/blog/fido-alliance-import-export-passk...

This is literally what I meant by the so-called "secure credential exchange" in my previous comment.

unsnap_biceps|2 months ago

Reading the CXF spec [1], the raw private key is exported as a base64-encoded DER. I don't understand what your concern is here. It appears that any CXF export file is not tied to a specific service-to-service import path, but can be imported into anything, or just used locally with self-written tools.

1. https://fidoalliance.org/specs/cx/cxf-v1.0-ps-20250814.html#...

jmsgwd|2 months ago

OK I see what you mean. Having the ability to switch between vendors but not the ability to export your data locally (e.g. as plaintext keys) is a new meaning of "vendor lock-in" I hadn't considered before.