I use them with bitwarden and a self hosted vaultwarden. If my phone breaks, no issue. If my server breaks, I got local backups… Keys are stored encrypted in a postgres database for which I have access, if I need to restore it. No lock-in issue or risk of loosing access when one or two devices break.
I store the passkeys in my self hosted vaultwarden, they are a good replacement for auto inserting random passwords via text boxes.
I echo the criticism of the term ‘sideloading’, before it started to mean just installing software, I assumed it meant using a separate device or software on the side, like a PC with a debug interface or memory inspection tools, to inject custom code into a running system or software.
Similarly to preloading libraries into games or other software to replace functions in order to change or enhance the game or software. For instance used with script extenders or game mods. There it is ‘pre’ because the software is not running yet. ‘Side’ would be on running software.
But installing applications (the distribution doesn’t matter) is in no way side loading.
And I really hate that the press or whoever picked this term up from apple or google and ran with it without question.
And now, because that term is so strange and useless in that way, its definition keeps getting changed into whatever the industry needs in order to squeeze out more money and personal data, while taking away the freedom and rights of the owners.
True. But most good stuff isn’t a solution for everyone. It takes real effort to escape vendor-lockin. Bigtech made sure of that.
If something is too simple to set up or requires no set up, or comes from a for-profit company, but doesn’t cost anything, then it always suspicious.
I am just saying that the issue is not with passkey itself, but the individual implementations and that google/twitter/etc. is pushed towards regular users.
Critiquing passkey because vendor-lockin is like critiquing HTML for allowing ads.