I've complained about this to Google's security folks, and basically the answer I got there was that they don't believe in password managers as a solution and would rather have FIDO/U2F become a thing.
Also, if you've ever recommended a password manager to someone not very technical, pretty soon they forget their master password, and now can't access their passwords, and its' your fault.
Having said all that, Chrome's password manager has been getting better, and they do have an app auto-logic on Android, so maybe those will combine. But I don't think it's a good lock-in strategy for Google, because they don't have a holistic ecosystem - most people are not using Chromebooks - so there isn't really any lock in play for them. Same thing goes for Microsoft, and to some extent Apple, since Safari isn't overwhelmingly popular on OSX.
IMO what is really needed is a standard for this, rather than lock in, so that these companies can co-operate on this and stop trying to make this a marketing bullet point.
They have a point. We've had the technology for improving authentication for literally decades - that's effectively what a SIM does. We've had these secure modules in our smartphones forever. The technology is dirt cheap, ubiquitous, and with the advent of these wireless transports the user interface problem is solved. The infuriating thing for me is we still don't use it.
Google has succeeded in forcing the planet to move to https, so I guess they imagine they can do the same thing for authentication. If they succeed they will kill phishing. I wish them luck.
If it were possible to have a NFC WebAuthn implanted in the back of my hand and I could invisibly control the userHandle it handed out by invisibly twitching a muscle or something, I'd be falling over myself to get the surgery done.
The only part it’s “missing” is a 2FA TOTP generator, but apps like https://cooperrs.de/otpauth.html work quite well in that regard so it’s not a major pain point.
Safari + (iCloud) Keychain is IMO evidence that good password management can work client side - these “alternative” solutions like login links via email etc are basically catering to the shit experience of other browsers/platforms.
Thus you wouldn't need a password manager if everything was Google Identity Platform....
That aside chrome has a password manager. I'm not saying it is the perfect solution, but it is there.
Other than a handful of cases that they're not focused on I'm thinking they're still focused on their identity platform.
Alternatively: /Applications/Utilities/Keychain Access.app
On iOS: Settings app -> Passwords and accounts -> Touch ID/Face ID
Which law specifically would make Apple liable if your iCloud keychain was hacked and the credentials used?