My current workflow when I sign up for a website is to save my login and password to my password manager. This works across all platforms and browsers, and I use both Mac and Windows along with using both Safari and Firefox.
If I choose the passkey option Passkey stuff comes up on Safari and I’m 80% sure that means I can’t use that passkey with my PC? I don’t know how to make sure my passkey isn’t lost by switching devices.
Then what do I do if I use an embedded web browser like the one on a Steam Deck or Meta Quest? With my current workflow I can just reveal the credentials and type them in in a worst case scenario that my password manager can’t be installed on that device.
I have no idea what I am supposed to do, and this is even true despite the fact that I am aware that my chosen password manager supports passkeys.
If this is the learning curve the average person is supposed to contend with I am hesitant to migrate because something this difficult to figure out will never be mainstream.
I would welcome any of you to tell me how this is supposed to work.
Passkeys are at the beginning stages of support both from the perspective of platforms (OSes, browsers, passkey/password managers) and websites. e.g., Firefox is still figuring out how to support passkeys from OSes and passkey/password managers (e.g. https://connect.mozilla.org/t5/ideas/support-webauthn-passke...) and will likely (this part is just speculation) support Firefox sync as a passkey manager eventually.
This is why there is no major website that is requiring users to drop passwords yet. Nor am I aware of any that allow users to even choose to drop passwords yet.
> If I choose the passkey option Passkey stuff comes up on Safari and I’m 80% sure that means I can’t use that passkey with my PC? I don’t know how to make sure my passkey isn’t lost by switching devices.
If you're saving your passkeys to a credential manager (i.e. password & passkey manager), once there is support from Firefox and your credential manager of choice is plugged into any prerequisite APIs, you will be able to use your passkeys between Windows, Mac, iOS, Android, Safari, Firefox, etc.
Devices like Steam Deck, Meta Quest, smart TVs may require additional support added. I'm not super familiar with the platform, but Steam Deck should be fully capable of supporting passkeys through hybrid flow. If it is running a chromium browser and has Bluetooth support, it would be trivial to add support for hybrid flow with a phone as the authenticator (that is: the phone has the passkey and signs a challenge with Bluetooth assistance). Smart TVs already have in place methods to login using a local smart phone, tablet, or laptop (which would use the passkey). I can't speak for Meta Quest because I have literally no idea how that platform works.
---
As for the median user globally: the median global user has 1 device: their smartphone. Passkeys are so simple in that case. These users likely are not using any credential manager other than the one built in. Each of these major platforms (except maybe for some Chinese OSes that I'm not familiar with) already has recovery mechanisms in place for when users lose their device.
The next largest group has 2-5 devices, with basically all of them able to work just fine using the phone as a hybrid authenticator.
You are not a simple case. In fact, anyone that chooses to use a non-platform credential manager is not a simple case.
I don’t understand how to use them.
My current workflow when I sign up for a website is to save my login and password to my password manager. This works across all platforms and browsers, and I use both Mac and Windows along with using both Safari and Firefox.
If I choose the passkey option Passkey stuff comes up on Safari and I’m 80% sure that means I can’t use that passkey with my PC? I don’t know how to make sure my passkey isn’t lost by switching devices.
Then what do I do if I use an embedded web browser like the one on a Steam Deck or Meta Quest? With my current workflow I can just reveal the credentials and type them in in a worst case scenario that my password manager can’t be installed on that device.
I have no idea what I am supposed to do, and this is even true despite the fact that I am aware that my chosen password manager supports passkeys.
If this is the learning curve the average person is supposed to contend with I am hesitant to migrate because something this difficult to figure out will never be mainstream.
I would welcome any of you to tell me how this is supposed to work.