This post prompted me to give it a try at webauthn.io.
Passkey support is disabled by default, so you have to enable it in the settings for the browser extension. After that, the UI seems reasonable enough. It creates an entry with a "Passkey" tag, where the Password field is empty, and the credentials are stored as additional attributes on the Advanced tab.
One thing I'm not sure about: although the extension has a setting to fall back to the browser's own passkey support, when I dismissed the KeePassXC prompt, I did not get a prompt from Firefox.
Thank, I hadn't noticed that, I thought I had to wait for the extension to be updated after the announcement from KeepassXC.
> After that, the UI seems reasonable enough.
I tried it on webauthn.io and I'm wondering if there's a point in showing a prompt on every login attempt, if passkeys are phishing proof. Why not just allow the login right away? Maybe show a notification that it happened, but why wait for user confirmation?
