Jeff Johnson: "Passkeys are a lie and contradiction." (mastodon.social)
22 points by donutshop on Oct 11, 2023 | 5 comments


I've flagged this as a low-value submission, despite the fact that I'm the author of the linked social media post. It's not much more than a little rant.

However, I will give credit to the comment https://news.ycombinator.com/item?id=37837124 on the submission "Passkeys are now enabled by default for Google users" https://news.ycombinator.com/item?id=37832585 for the link to the 1Password AMA: https://old.reddit.com/r/1Password/comments/16to6x7/hey_redd...

I did write a longer blog post on the subject a number of months ago: https://news.ycombinator.com/item?id=35854216 (176 comments)


> The only way to avoid vendor lock in is to allow passkeys to be persisted unencrypted.

Is this true? Naively I’d expect there to be a two-key solution that would allow Vendor A to transfer passkeys to Vendor B without requiring them to be stored unencrypted. Is the issue just that the two vendors have to trust each other (as opposed to just both being trusted by the user) for that to work?


> Naively I’d expect there to be a two-key solution that would allow Vendor A to transfer passkeys to Vendor B without requiring them to be stored unencrypted.

That's actually the kind of implementation I expect them to produce.

> Is the issue just that the two vendors have to trust each other (as opposed to just both being trusted by the user) for that to work?

I think the issue is that neither of the vendors trust the user.

They'll probably devise an exclusive (i.e., monopolistic) list of trusted vendors.


plaintext passwords are automatically converted to stars on hacker news...


So what to do? Use 1Password or Bitwarden, use iCloud Keychain, or use something different like Enpass, KeePass, Strongbox or something else to sync it locally?



