
Oh, I didn't realize passkeys and TOTP aren't the same thing. TOTP secrets go into the CSV. Don't think I even have any passkeys to test with. And supposedly 1Password doesn't let you export either.

This seems bogus. I'd rather simply use a random per-site password; looks like passkeys are the same except non-interoperable.



Bitwarden lets you export them as part of at least their JSON export, but unfortunately there's no specified interoperable format yet, so you can only import them back into Bitwarden (which you can at least self-host; you could reimplement their serialization format if you're really determined).

There's some movement in that area in the related FIDO working groups, but I think we'll (by design) never see something like CSV export, and it'll be more like a standardized account migration.

> I'd rather simply use a random per-site password; looks like passkeys are the same except non-interoperable.

They're significantly better than a random per-site password since they can't be compromised on the server side (due to being based on public key cryptography), unlike regular passwords and TOTPs.


I guess the real advantage is, if their server is temporarily compromised, they don't have to make me reset my password to get back in. But it's a per-site password, so the attacker can't use it elsewhere.
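
The server-side difference discussed in this thread, as an added example that is not part of any comment above: a TOTP verifier stores the same secret the user holds, while a passkey verifier stores only a public key. The record layout, function names and the bare-challenge signature are assumptions for illustration (real WebAuthn signs more than the challenge), and the TOTP secret is the RFC 6238 test value.

```javascript
const crypto = require("node:crypto");

// RFC 6238 TOTP: HMAC-SHA1 over the 30-second counter, truncated to 6 digits.
function totp(secret, unixSeconds) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(unixSeconds / 30)));
  const mac = crypto.createHmac("sha1", secret).update(counter).digest();
  const offset = mac[19] & 0x0f;
  const code = (mac.readUInt32BE(offset) & 0x7fffffff) % 1e6;
  return String(code).padStart(6, "0");
}

// The user's device: the private key never leaves it.
const device = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });

// Constructed server-side record for one user.
const serverDb = {
  totpSecret: Buffer.from("12345678901234567890"), // RFC 6238 test secret
  passkeyPublicKey: device.publicKey.export({ type: "spki", format: "pem" }),
};

function verifyTotp(db, code, now) {
  return totp(db.totpSecret, now) === code;
}

// Simplified assertion check: real WebAuthn signs authenticator data plus a
// hash of client data (challenge, origin), not the bare challenge.
function verifyPasskey(db, challenge, signature) {
  return crypto.verify("sha256", challenge, db.passkeyPublicKey, signature);
}

function signOnDevice(challenge) {
  return crypto.sign("sha256", challenge, device.privateKey);
}

// Is the stored record alone enough to pass each check?
function recordAloneSatisfiesTotp(db, now) {
  return verifyTotp(db, totp(db.totpSecret, now), now); // same secret both sides
}

function recordAloneSatisfiesPasskey(db) {
  const challenge = crypto.randomBytes(32);
  // The record has no private key; a signature from any other key is rejected.
  const other = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  const sig = crypto.sign("sha256", challenge, other.privateKey);
  return verifyPasskey(db, challenge, sig);
}
```
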



