It's tied to vendor lock in. Which increases the ability of companies who develop certain technologies for the masses to increase the friction of interacting with things outside of the ecosystem. The argument is that if a user is unable to use an alternative, by hook or crook they will pay increasingly high subscriptions to access the services provided by that ecosystem. This increases a number on a spreadsheet, the only true compelling argument one could say
As long as the passkey spec includes remote snitching (attestation) your keepass open source alternative will exist only because big tech allows it, and it will end when big tech demands it. The entire import/export standard is a red herring.
It's sort of happening already. Members of FIDO threatening to block KeepassXC users [0] from logging in, unless KeepassXC complies with FIDO demands regarding specific implementation
On one side of the pond, we have the EU's Digital Markets Act to protect consumers. It has teeth and it's already being used to ensure consumers have choice.
Not so sure that EU bureaucrats will understand and fix that problem. With NIS2, they let the IT-security-crapware lobby dictate draconian and mostly stupid security laws. Could be that the security-paranoid part of the bureaucracy overrides the consumer protection part in that case.
I'm not making changes to my security workflows now based on promises that the lock-in potential will be reduced as some unspecific point in the future.
It's tied to vendor lock in. Which increases the ability of companies who develop certain technologies for the masses to increase the friction of interacting with things outside of the ecosystem. The argument is that if a user is unable to use an alternative, by hook or crook they will pay increasingly high subscriptions to access the services provided by that ecosystem. This increases a number on a spreadsheet, the only true compelling argument one could say