> You can save passkeys on your own network if you use Bitwarden or if you want, write your own solution.
And then google or whoever will block login because your device attestation flag (part of the spec) doesn't say the right version of Chrome or Android. Maybe the website just won't let you login with firefox anymore "because hackers use it".
Don't worry, Apple zeroes out their flag (for now) so you'll just have to pretend to be an Apple device to get in (for now). Assuming the service in question doesn't have an axe to grind with Apple anyway.
Android passkeys return `fmt:none` as well if you ask for an attestation certificate.
Its pretty weird to claim that this is a big lock-in risk when both of the major players are not supporting attestation certificates for consumer use cases.
And the one well known site (vanguard) that was requiring an attestation certificate no longer does.
And then google or whoever will block login because your device attestation flag (part of the spec) doesn't say the right version of Chrome or Android. Maybe the website just won't let you login with firefox anymore "because hackers use it".
Don't worry, Apple zeroes out their flag (for now) so you'll just have to pretend to be an Apple device to get in (for now). Assuming the service in question doesn't have an axe to grind with Apple anyway.