Recent searches
Search options
When I say that passkeys are and will be interoperable, I’m extremely serious about it.
This year:
- Chrome, Firefox, and other browsers on macOS can save and use iCloud Keychain’s passkeys (they need to adopt this)
- Third-party password managers can participate in the ecosystem on iOS, iPadOS, and macOS
- The passkeys from those third-party managers will also be usable by all web browsers
Here’s a thread with more information: https://hachyderm.io/@rmondello/110509448037547578
Please spread the word!
@rmondello
Wow. I didn't know this. Awesome.
@rmondello I don’t suppose you’re allowed to do podcast appearances about passkeys ? Or could point us to someone who could ?
Feel free to PM - I didn’t just because we’re not mutual so wanted to respect.
@rmondello Cool, never understood why Chrome and Firefox does not support the keychain. It makes both browsers a pain to use. Maybe this will convince them?
@lorrden @rmondello they both used to, but dropped it years ago. I think the reasoning was something about avoiding platform-specific code.
@rmondello Any idea when this year?
@seriouslyjeff @rmondello iOS 17, iPadOS 17 and macOS Sonoma which add support for these features are available as a Developer Beta now, Public Beta will come next month, stable releases will come in the fall.
@rmondello Love all the work you and your team are doing. Incredible work! :)
@rmondello unfortunately I see ~no movement on the Mozilla side.
@djc @rmondello I know two ways that you can use passkeys in Firefox at this point — the beta version of the 1Password browser extension or physical security keys (like the Yubikey). Bitwarden is also working on their implementation. Those methods aside, Firefox lacks native support to save passkeys on device or use them via a QR code and I haven’t seen any announcements about it yet.
@bitwarden is planning to release their passkey support this summer. I’m looking forward to being able to use them across all my devices.
@rmondello Ricky pls stop giving us more work 
Nah just kidding this is awesome! Can't wait to see what the ecosystem looks like in just a year. Keep the features coming 
@rmondello That gives some hope they *can* be interoperable in the future.
But unless I just don't understand what you are saying, I actually think it comes across as a bit disingenuous to claim that they already *are*, by pointing to *one* of the parties adding API support that will allow others to interoperate with their system in a *future* release.
For any given user it needs to interoperate between all the systems they use *now* for it to already be interoperable, that is just not the case.
@hlindqvist Keep holding the industry and me to a high standard. We have more work to do.
@rmondello To be clear, I genuinely hope that I have good reason to let go of my own skepticism soon enough.
Interoperable passkeys would be a big improvement over the mess that is passwords.
The way the passkeys system was first presented however, without a plan for practical interoperability outside vendor-locked sync, is good reason to wait and see what actually happens on that note, I think.
@rmondello I know you can't talk about future plans, but a dedicated password/passkey app on iOS/macOS would really be huge. The section in Settings is okay, but it's got nothing compared to a dedicated password manager like 1Password. Worse still is seeing someone like my mom struggle through it. The foundation is great, but the UI really needs work.
@mattstocum Would you mind telling me more or everything that you think on this topic, in as much detail as you can? I'm genuinely interested.
@rmondello I can certainly try, I’ve set a reminder for tomorrow morning to reply in detail when I’m sitting at a computer. But at a high level:
1. Discoverability, the Settings page is not something my 70-year-old mother is going to find.
2. Combining related info, 1Password has credit cards, passwords, ssh keys, home addresses, all in one location. iOS has some of these (I don’t think it stores ssh keys) but they’re spread out across the OS. Having a single place to edit everything is easier
@rmondello wrt #2, I have no idea where addresses and credit card auto fill info is stored in iOS. My iPhone still seems to think I live at my old addresss.
3. I guess this is more of a feature than an app thing, but there doesn’t seem to be any way to associate a single username/password with multiple URL.
4. This is where I can’t quite explain things, but 1Password just seems easier to browse and find items. Part of it is 1Password let’s me name things, in iOS it seems to be the domain name.
@rmondello I’ll elaborate more in the morning. If anything doesn’t make sense, please let me know, and I’ll try to explain better. And thank you for taking the time to ask my opinion.
@rmondello The more I think about it, I think the main things a system level password manager on iOS could provide are greater discoverability and bringing all of the various auto-fill data into a single location (passwords/passkeys, mailing address, email address, credit cards). The ability to name entries would be huge, as would the ability to associate a single password with multiple domains.
@rmondello @mattstocum I agree with all of Matt's followup comments. A hard-to-find location in Settings just isn't how people use their phones. This type of functionality is an app.
@rmondello if someone signs up with a passkey in iCloud Keychain can they easily migrate to a third-party manager? imo this is a bigger issue for iCloud since it's not cross-platform
@rmondello you and your team are doing amazing work here. Love to see it!
@rmondello Nice! As a user I really like what I've seen from passkeys so far.
Though as someone who helps manage a couple of large(ish) research compute clusters at a university I have to wonder if there's any chance of a PAM module in the foreseeable future...
(I assume this is outside your wheelhouse, just curious if you've heard any buzz)
@rmondello This sounds really great!!
To confirm, if I want to share passkeys between iPadOS Safari, Android Chrome, and Windows Firefox, the best route is going to be a third-party password manager, right? And per your tweet, Safari/iCloud/iOS is doing its part there?
@domenic @rmondello 1Password currently supports passkeys for all major web browsers on the desktop in the beta version of their browser extension. They’re also working to support this feature on iOS/iPadOS 17 and Android 14. Bitwarden will also support passkeys soon. Using a third-party password manager is the easiest way to use passkeys cross-platform.
@rmondello
There's a lot of "can" and "will" doing heavy lifting here. And no mention of OSs other than Apple (and implicitly MS).
I'll be more interested once it's all "fully does" and on Linux, *BSD and so on.
@jannem As an Apple employee, the only lifting I can do is on Apple’s platforms. The best I can do is set an example for the industry with regards to user experience, standards, and interoperability, and hope that Linux, *BSD, and the like decide to participate.
@jannem Please do hold me to a high standard. Please hold passkeys to a high standard. But know that some of us are doing our best in our lanes. :)
@rmondello
I appreciate your sentiment, and I know the passkey thing is coming from a good place. I fully support it (with the exception of tying part of it to your phone and to Bluetooth, but that may change).
But I meant it about "can" and "will". Being able to identify yourself is important enough that nobody normal should use this until the promised infrastructure is fully here; in widespread use; and UI debugged by people too brave for their own good.
@rmondello This makes me extremely happy. Can’t wait for it to work in work related SSOs. It’s absolutely awful right now having to login multiple times depending on browser required, etc. Single it is not.
@rmondello Times like these I wish more of Linux's ecosystem hadn't centered on the most obnoxious possible languages to use for all the main DEs that provide this sort of features.
Because they'll certainly all need patching to work properly in #QubesOS
@rmondello
Anxious to hear plans from @bitwarden
@rmondello This morning I added passkeys to my accounts for all services that support them (Google, Shopify, etc.). It was easy to do, and the passkey login experience is… really nice!
@rmondello I assume other browsers tapping into iCloud keychain and iCloud keychain will require Sonoma? Bit disappointing it so instead of just an extension for the browsers.
@rmondello aha, this is good stuff. A question: when you say third-party password managers, is it possible to export passkeys and then import them elsewhere into a different app? That's one of the big things which keeps me from looking further into this.
@rmondello But what if the other browsers decide not to integrate with you? Would you consider a chrome/ff extension?