We had originally planned to go all-in on passkeys for ONCE/Campfire, and we built the early authentication system entirely around that. It was not a simple setup! Handling passkeys properly is surprisingly complicated on the backend, but we got it done. Unfortunately, the user experience kinda sucked, so we ended up ripping it all out...
When I was trying out passkeys, things allowed either passkey or password still. But yes, I think this need partially reduces the security benefit of passkeys.
How do you login from a device that doesn’t have Bitwarden on it if you have passkeys.
For example a friend’s computer etc
With a password I can type the 20 or so digits of the password. Can’t really be done with a passkey as far as I know
When I was trying out passkeys, things allowed either passkey or password still. But yes, I think this need partially reduces the security benefit of passkeys.