I've used them across Chrome, Firefox, and Safari on Linux, macOS, and Windows (10 and 11) for large websites. I've used them for Github, as 2FA on various services, and as the primary login for some websites, such as the local grocery store (Albert Heijn). I also use them for authenticating to my personal Keycloak server which acts as a guard for a whole bunch of services in my network.
Support is far from universal, but it's definitely getting better. Unfortunately, protocols such as CTAP2 don't seem to have been implemented on Linux, so it lacks the "log in using your phone" prompt that makes them super useful on proprietary operating systems (like fingerprint/touch ID, but without needing to add every device manually).
Support is far from universal, but it's definitely getting better. Unfortunately, protocols such as CTAP2 don't seem to have been implemented on Linux, so it lacks the "log in using your phone" prompt that makes them super useful on proprietary operating systems (like fingerprint/touch ID, but without needing to add every device manually).