
That's incorrect. There is nothing in a passkey that identifies it as a "key from KeePassXC", so it can't be blocked.

Bitwarden exports passkeys just fine as cleartext, or to be precise as a file encrypted by the user-specified passphrase. So you can then decrypt it at your leisure.



While I don't agree with the grandparent's fears, you're only half correct: The server can mandate that you use an authenticator from X company, so some sites might block KeePassXC, even if they don't block a specific key.


There is no specific attribution in passkeys; there's AAGUID, but it's allowed to be all-zero. So they actually can't block passkeys _from_ KeePassXC.

They can instead block all the passkeys, to be exact: WebAuthn credentials that are not rooted in hardware and don't have attestation.
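
The distinction discussed in this thread, as an added example that is not part of any comment: a relying-party check that reads the AAGUID out of WebAuthn registration authenticator data and shows why that field alone cannot attribute a credential, while an attestation requirement rejects every unattested credential. The function names, the `HW_MODEL` value and the sample bytes are constructed for illustration, and `attestation_verified` is assumed to come from a separate, full attestation-statement verification that is not shown.

```python
import struct
import uuid

AT_FLAG = 0x40  # flags bit: attested credential data is present
HW_MODEL = uuid.UUID("00112233-4455-6677-8899-aabbccddeeff")  # constructed AAGUID

def parse_aaguid(auth_data: bytes) -> uuid.UUID:
    """Extract the AAGUID from registration authenticator data.
    Layout: rpIdHash(32) | flags(1) | signCount(4) | aaguid(16) | credIdLen(2) | ..."""
    if len(auth_data) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    if not auth_data[32] & AT_FLAG:
        raise ValueError("AT flag clear: no attested credential data")
    if len(auth_data) < 55:
        raise ValueError("truncated attested credential data")
    (cred_len,) = struct.unpack(">H", auth_data[53:55])
    if len(auth_data) < 55 + cred_len:
        raise ValueError("credential ID runs past end of data")
    return uuid.UUID(bytes=auth_data[37:53])

def registration_decision(auth_data, fmt, attestation_verified,
                          allowed_aaguids, require_attestation):
    """Relying-party policy. Without attestation the AAGUID is self-reported
    (and may be all zero), so it is not used to single out a provider."""
    aaguid = parse_aaguid(auth_data)
    if not require_attestation:
        return "accept"
    if fmt == "none" or not attestation_verified:
        return "reject: no verifiable attestation"
    if aaguid not in allowed_aaguids:
        return "reject: authenticator model not allow-listed"
    return "accept"

def make_auth_data(aaguid: uuid.UUID) -> bytes:
    """Constructed sample: UP|UV|AT flags, 16-byte credential ID, COSE key omitted."""
    return (b"\x00" * 32 + bytes([0x45]) + struct.pack(">I", 0)
            + aaguid.bytes + struct.pack(">H", 16) + b"\x11" * 16)

if __name__ == "__main__":
    software = make_auth_data(uuid.UUID(int=0))   # all-zero AAGUID, fmt "none"
    hardware = make_auth_data(HW_MODEL)           # attested, allow-listed model
    for label, data, fmt, ok in [("software", software, "none", False),
                                 ("hardware", hardware, "packed", True)]:
        for strict in (False, True):
            print(label, strict,
                  registration_decision(data, fmt, ok, {HW_MODEL}, strict))
```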



