
If you're using Safari there's password management built in, though obviously that assumes you're Apple+iCloud+Safari ecosystem only, which is an infeasible restriction for many people.

The passkeys API is afaict actually a spec to handle hardware-token-based login, for which Safari uses the built-in SEP (or the SE? I can honestly never recall which is which), so it's more streamlined than digging around for a token. But then I don't know how it (either the specification or the Safari implementation) handles multiple devices. But again it seems possible that you hit similar "are you a Safari-only user?" ecosystem issues.




> If you're using Safari there's password management built in, though obviously that assumes you're Apple+iCloud+Safari ecosystem only

Safari actually uses Keychain, which has been part of macOS since it existed and long before Safari and iCloud were even thought of.

> But again it seems possible that you hit similar "are you a Safari-only user?" ecosystem issues.

Passkeys is WebAuthn, an industry standard that uses public key encryption. Your public key is your identity and the private key is essentially your password. It doesn’t require a secure element or anything like that.

There’s no reason why Passkeys created on a Mac can’t work on Windows or Linux that have browsers and password managers that support Passkeys/WebAuthn.


> Safari actually uses Keychain, which has been part of macOS since it existed and long before Safari and iCloud were even thought of.

I know how Safari and Keychain work, and my statement stands as a reasonable summary of the end user experience.

Keychain is the mechanism by which passwords are stored, but the integration into the browser is only available in Safari - you can manually open and use Keychain Access to get the passwords for use in other browsers, but that is far from what is expected from a modern password manager UI - the UI for this path is even worse on iOS. Getting the syncing between devices that people want from password managers using the Safari password system requires an iCloud account.

> Passkeys is WebAuthn, an industry standard that uses public key encryption

The generation using the secure element/Touch ID seems to be Safari only, and the key material is, as you say, stored in Keychain, which other browsers do not use and so do not have access to. So using them has the effect of tying you to the Safari/Apple ecosystem.

Questions of ecosystems are a matter of "how does an end user actually use a feature?" not "could a sufficiently skilled user use the feature across multiple ecosystems?".


Other browsers could use Keychain if they wanted to; it’s a public API; there’s even a command line tool.

Other browsers have their own features for syncing passwords, extensions, etc.

There’s no reason why a future install process for Firefox, Chrome, Brave, etc. couldn’t offer to import Safari’s Passkeys just like they do bookmarks.


But they don’t, and the point is you can’t use Safari on one machine and Firefox or Chrome on another (although someone said there might be an extension for Chrome on Windows at least?).

And the WebAuthn keys wouldn’t be any different.


I think Apple released an extension (or something) to let you use your iCloud passwords in Chrome on Windows but I may be mistaken.



