
Are you saying that it's not always possible to import/export passkeys because you can manage them with some program that doesn't allow it, but the same is not true for passkeys?

Counter-example: I can write a password manager that will not allow you to export/import passwords.



No, that's not what I meant.

There are cases where bitwarden doesn't work but chrome for example does. Easy to Google up.

For passwords, however, I never heard of a case where a website only accepts passwords from a specific password manager - and how could they even do that, right?


I don't think your reasoning holds. You say "I know situations where one passkey client works with some websites and not others, but I don't know situations where a website works with some clients and not others".

If the website accepts a password, then it can't prevent you from using the password manager you want. But if the website accepts FIDO2 passkeys, it's the same thing, isn't it?


> but I don't know situations where a website works with some clients and not others

For example: https://www.w3.org/TR/webauthn-2/#dictdef-authenticatorselec...

> If the website accepts a password, then it can't prevent you from using the password manager you want. But if the website accepts FIDO2 passkeys, it's the same thing, isn't it?

Unfortunately not...


> For example: [...]

Those sound like requirements similar to those that can be enforced with passwords. My company enforces an SSO system with an MFA scheme that is controlled by the IT department. I can use my password manager for the password part, but I must use the mandatory MFA app.

In that sense, I am not sure it is so different from passkeys?


Now you are not comparing passwords with passkeys anymore, but MFA with passkeys. Not sure what the point is in the context of the discussion.

> In that sense, I am not sure it is so different from passkeys?

Yes, if it means "company specific SSO" and a company chooses to force you to use the hardware they decided on, then that is in fact not very different from the passkey constraints.



