
I think Proton Pass just stores one key for all devices? Not even sure! But it does work anywhere without the experience you had: I go to a website I have saved, it pops up, I click and am logged in.

Not sure if Proton does the device-specific stuff under the hood (and hides it well), or if they are abusing the system by simply sharing the private key over all devices? (That is misuse, right? Idk, I had the same experience with BitWarden). The keys should be device specific, right? That's the 2FA-replacing magic.

I too, have no idea. And I too am a bit disappointed it is so difficult to understand what happens. I do believe I can just export the keys and import somewhere else (i.e. Proton <-> BitWarden), which would suggest one passkey per account... Hmmm... Also, I believe it's just Google and Apple that try to make this a walled garden, it wasn't designed to be like that.

> The keys should be device specific right?

No, they can be synced. There are different types of passkeys, synced and device-bound (for YubiKeys, etc.)

Hope this clears up the confusion (haha).


Ah, but why are they better than classic credentials then? I thought they were device specific and thus "2FA built in". I thought you'd have to approve every new device from an existing one? But indeed I never saw that in action...

Because you can't export them.

Pretty sure I could with VaultWarden. For Proton indeed it seems to be an open issue. In theory it should be doable right? It's not like "impossible because of the spec" or something?

The difficulty of exporting them is kinda the point (sorta). The benefit of passkeys is that the average user is less likely to hand them over to a scammer, because they literally can't/don't know how, whereas everyone and their mother knows how to give a scammer their password/username and the funky numbers in the email they just got.

> It's not like "impossible because of the spec" or something

It could be, but I don't know if it is. One of the design points is that they are cryptographically un-phishable or something to that effect.

The ability to export directly conflicts with non-phishability, at least in theory. I've heard conflicting information about what precisely is allowed or possible.
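What "cryptographically un-phishable" means in practice, as an added illustration that is not from any commenter in this thread: the browser writes the real origin into clientDataJSON, the authenticator hashes the rpId it is actually talking to into authenticatorData, and the private key signs over both, so a relying party (RP) can reject an assertion relayed from a look-alike site. This sketch of the RP-side checks assumes the rpId `example.com`, a constructed challenge, and a stand-in `signature_ok` callback where a real RP would verify the signature with the stored public key; the synced-vs-device-bound distinction does not change any of these checks.

```python
import hashlib
import json

# Assumed relying party (RP) values for this example; not from any commenter.
RP_ID = "example.com"
ALLOWED_ORIGIN = "https://example.com"
CHALLENGE = "c29tZS1yYW5kb20tY2hhbGxlbmdl"  # constructed; a real RP issues a fresh random one per login

def make_client_data(origin: str) -> bytes:
    """clientDataJSON. The browser fills in origin itself; page scripts cannot change it."""
    return json.dumps({"type": "webauthn.get", "challenge": CHALLENGE, "origin": origin}).encode()

def build_authenticator_data(rp_id: str, counter: int) -> bytes:
    """authenticatorData = rpIdHash(32) || flags(1, UP|UV) || signCount(4). The authenticator
    derives rpIdHash from the site it is talking to, so a credential scoped to example.com is never presented for examp1e.com."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([0x05]) + counter.to_bytes(4, "big")

def signed_message(authenticator_data: bytes, client_data_json: bytes) -> bytes:
    """What the private key signs: authenticatorData || SHA-256(clientDataJSON).
    Origin and rpIdHash are therefore under the signature and cannot be edited afterwards."""
    return authenticator_data + hashlib.sha256(client_data_json).digest()

def verify_assertion(client_data_json, authenticator_data, last_counter, signature_ok):
    """RP-side checks of a WebAuthn assertion. Signature verification is delegated to
    signature_ok(message); a real RP implements it with the credential's stored public key."""
    cd = json.loads(client_data_json)
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if cd.get("challenge") != CHALLENGE:
        return False, "challenge mismatch (replay?)"
    if cd.get("origin") != ALLOWED_ORIGIN:
        return False, f"origin {cd.get('origin')!r} not allowed (phishing site?)"
    if authenticator_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    counter = int.from_bytes(authenticator_data[33:37], "big")
    if (counter or last_counter) and counter <= last_counter:
        return False, "signature counter did not increase (cloned credential?)"
    if not signature_ok(signed_message(authenticator_data, client_data_json)):
        return False, "bad signature"
    return True, "ok"

def demo():
    """Legit login passes; the same assertion relayed from a look-alike origin is rejected."""
    auth = build_authenticator_data(RP_ID, counter=7)
    sig_ok = lambda msg: True  # stand-in for the real public-key signature check
    legit = verify_assertion(make_client_data("https://example.com"), auth, 6, sig_ok)
    phished = verify_assertion(make_client_data("https://examp1e.com"), auth, 6, sig_ok)
    return legit, phished
```

Because the origin and rpIdHash are inside the signed message, a phishing proxy cannot fix them up without the private key, which is the property a typed password never has.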
