Please, please, please stop using passkeys for encrypting user data
blog.timcappalli.meMaybe I'm not getting it. Doesn't the problem start with ever deleting a passkey? That is: how do you ever know you don't need it anymore?
Also, what is the alternative? Just a password that you store in the vault? Seems like deleting those gets you back to the same place (with all the disadvantage of a plain password).
What's the difference between keeping a passkey in bitwarden, and just using a password, also in bitwarden?
Mainly that a service can't refuse passwords from Bitwarden, whereas in a few years you'll find yourself reading an article about how a bank in Luseristan has decided to require that their users sign in using Passkeys stored in an attested authenticator (not Bitwarden) running on an attested device (not any current Linux desktop).
Your mom uses Bitwarden?
Not to mention the challenges when (gasp!) a single user uses more than one device. Like, yes, some of us have both desktop computers and phones, thanks for asking.
This is why I refuse to let most sites set me up with passkeys. I’m considering making exceptions for the ones that usually get this stuff right (like GitHub).
Not sure what you mean. In most cases, passkeys sync across your devices.
People with all Apple devices do not consist "most" of users
This is the case in other areas though. I keep some of my passkeys in BitWarden and that is cross device/platform as well.
that seems like an excellent reason to avoid a buggy platform, as if there weren't other adequate reasons...
Just add more than one passkey to your account?
Only a small subset of sites seem to support that so far.