Ah, but why are they better than classic credentials then? I thought they were device-specific and thus "2FA built in". I thought you'd have to approve every new device from an existing one? But indeed I never saw that in action...
Pretty sure I could with VaultWarden. For Proton indeed it seems to be an open issue. In theory it should be doable, right? It's not like "impossible because of the spec" or something?
The difficulty of exporting them is kinda the point (sorta). The benefit of passkeys is that the average user is less likely to hand them over to a scammer, because they literally can't/don't know how, whereas everyone and their mother knows how to give a scammer their password/username and the funky numbers in the email they just got.
> It's not like "impossible because of the spec" or something
It could be, but I don't know if it is. One of the design points is that they are cryptographically un-phishable or something to that effect.
The ability to export directly conflicts with non-phishability, at least in theory. I've heard conflicting information about what precisely is allowed or possible.
No, they can be synched. There are different types of passkeys, synched and device-bound (for YubiKeys, etc.)
Hope this clears up the confusion (haha).