We had originally planned to go all-in on passkeys for ONCE/Campfire, and we built the early authentication system entirely around that. It was not a simple setup! Handling passkeys properly is surprisingly complicated on the backend, but we got it done. Unfortunately, the user experience kinda sucked, so we ended up ripping it all out...
Passkeys are unique cert pairs for each site. The site gets the public key, you keep the private to login under your account. The site never stores your private key.
To store them simply, turn off your browsers password/passkey storage. Store them in your password manager along with other sites passwords.
Sounds similar to the SSL stuff, like for GitHub and stuff. I guess the preference in that case would be my password manager as it stores my password already.
Perhaps it’s best I pay for Bitwarden premium now and use those hardware keys people are recommending.
Also thanks!