Passkeys: how do they work? No, like, seriously. It’s clear that the industry is increasingly betting on passkeys as a replacement for passwords, a way to use the internet that is both more secure and more user-friendly. But for all that upside, it’s not always clear how we, the normal human users, are supposed to use passkeys. You’re telling me it’s just a thing… that lives on my phone? What if I lose my phone? What if you steal my phone?
KeePass
Self hosted password keeper
I already use KeePass, but as far as I know it doesn’t do passkeys, only passwords?
Bitwarden does passkeys supposedly. Haven’t tried it myself yet because I don’t know what to make of passkeys.
Currently Bitwarden’s passkey support is limited to the browser extensions not the apps but from my experience it works relatively well. When logging into a site you just select the passkey from the extension popup and it logs you in.
Example passkey registration:
Example login:
I haven’t seen anything about the original KeePass supporting them but KeePassXC is working on it:
https://github.com/keepassxreboot/keepassxc/issues/1870
I have been super hesitant to look into KeePassXC, should I give it a chance?
Of course, unless I can also access these features on my phone it doesn’t really matter…
Yeah, unfortunately passkey support on mobile outside of what the OS/browsers provide is kind of not there at the moment but it’s being worked on. Android 14 apparently has some kind of framework for integrating in third-party passkey providers. At this point, you should view passkeys as an additional, more convenient and secure way to log in on the platforms it’s supported on, not necessarily the only way to log into an account.
Pull the software down and give it a look. Set up a database with no real passwords in it just to play with the various features.
I recently switched to KeePassXC and it looks nicer and is easier to use. The also include some addon functionality into the app so you don’t need to trust that. The only downside is that it doesn’t automatically fills the browser text fields, you have to click on a green icon in the text field - but that is more secure. They also have an android app.