This isn't last generation's 1Password "app", they've been on a tear last few years in turning into a "platform". Explore the dev docs for CLI tooling, integrations, more, and it all works for teams (including with SSO no less) not just individuals.
It still requires you to install the 1Password app or browser extension manually on all devices. Google leverages Chrome & Google Password Manager that most non-technical users have installed / enabled by default.
While I agree that 1Password has the cross-platform sync feature for some time, I think it's different magnitude now that Google offers it (via GPM), as GPM works as the default password manager for many, many non-technical users.
What are some best practices for portability of passkeys?
I've built me a little password manager (namely https://github.com/conradkleinespel/rooster) and wonder if I could make it support passkeys, at least as a backup solution to the likes of 1Password.
While I totally get the usefulness of passkeys, I feel like having a backup of some sort is needed, in case the device breaks, gets stolen, etc.
Their cross-comparison of vendors toward the end is pretty disingenuous. For starters: authentication entries stored in iCloud Keychain aren't "natively" accessible to Firefox and Chrome users on MacOS. Apple does officially distribute a Chrome extension to make them accessible, but as far as I'm aware there's no way to get at them from Firefox. This would make the cross-comparison for iCloud look much more like the third party password manager column.
On multiple occasions they mention the "Passwords App coming to Windows"; this is entirely supposition. Apple has said nothing about this, period. Yes, they have passwords available in iCloud for Windows, but its missing a ton of functionality, loses authentication with your Apple account constantly, and is overall an unusable experience.
Nothing being stated in this article is new, nothing Google is adding is even new let alone "groundbreaking" (their words), applications like 1Password have had this for what must be nearing a year now. But, my suspicion is that Corbado, whoever they are, wouldn't want to talk too much about the capabilities of 1Password, because they directly compete with one-another [1].
I am one of the Co-founders. We have heard from members of the FIDO2 community who are closer to Apple that this will probably happen. You are right that Apple could also be positioned more as a password manager on other platforms; we have considered this. However, this is not how most people currently perceive it.
Google releasing this functionality to production is relatively new for those outside the passkey community, although it is not surprising when following Chrome Dev.
Overall, the tendency of Apple and Google to focus on passkeys for consumers and make them accessible is an interesting angle. In our blog, we frequently discuss password managers; in fact, we are also 1Password customers. Passage is a part of 1Password that operates in the same field as we do, likely because they recognize a potential threat from Apple and Google in the consumer space.
For companies implementing passkeys this is quite a significant change, because now a Chrome can carry a passkey that used to be a cross-device case before. The ecosystem is getting more complicated...
I use my iCloud passkeys from Firefox Developer Edition without relying on an extension, so it’s implemented there at least. Dunno about “stable” Firefox.
There's still no standard exports/backup formats, yeah?
Some previous comments made me think there was an acknowledgement that this had to come, that trust us to store and manage this for you wasn't going to be enough, was blocking adoption/acceptance so heavily that the security upsides were starting to look irrelevant.
"Now" why? What's changed? There's no demand for it. The market of people who say "I'd switch to iCloud Keychain if only they had better Windows support" is vanishingly small, and at the end of the day Apple doesn't reap revenue from iCloud Keychain anyway so why do they care if you switch?
A more native and higher quality Apple Passwords app for Windows wouldn't even really solve anyone's problems. I don't know the specifics on how the Windows Hello authentication layer works, but my assumption is: Apple can distribute this app, but this app couldn't just make its passkeys natively available to e.g. Chrome on Windows, without a browser extension which would effectively bypass the app anyway. And, Apple already has a Chrome browser extension.
That is the next interesting point. At the moment, you are right; there is no third-party password manager support on Windows. However, when they integrate synced passkeys, they might offer that. I think, until now, there has been no strategic value in leveraging access management for customers. Once you have a passkey in your cloud, you have a connection with a website forever (unless you revoke it). The future is an automatic login via passkeys (with user consent, of course).
What changed: Apple & Google want to enter deeper into customer connection and at the same time offer a more secure and convenient authentication for their customers.
For that matter, 1Password offers site devs an ability to accept passkeys:
https://passage.1password.com/product/passkey-complete
This isn't last generation's 1Password "app", they've been on a tear last few years in turning into a "platform". Explore the dev docs for CLI tooling, integrations, more, and it all works for teams (including with SSO no less) not just individuals.