Yes, no conflicts. I don't know if you can only share part of vault; I just created a separate one for a separate team.

I wouldn't put it in Google Drive or anything like that. The separate sync logic will definitely cause conflicts.

I'm not worried about having access if I'm offline, because if I'm offline I'm not going to be able to log into anything anyway.

It's hosted on a local network share, so we don't need Internet access.

If can't copy paste, I just type it out.

We use a VPN to the office.

At the very least you're misguided or don't know what you're talking about. Passkeys are not vendor locked in and of themselves.

You can make the same argument against password managers because most iPhone users that use them, use Apple's one.

They will almost certainly lead to vendor lock in. Why do you think they won't? Apple's password manager is definitely an example of vendor lock in. Many others have a simple to use export feature to CSV or something that others can understand

Edit: it could be that you don't know what the WebAuthn/FIDO2 specification says or we understand it differently? Do you know how the attestation mechanism works? That ties the key to a device or software authenticator (the software authenticator is likely going to tie it to the device somehow, possibly even via a TEE).

Passkeys provide a secure way to authenticate while also being convenient. With the tradeoffs you mentioned.

I don’t like the push for only allowing some vendors to issue keys and to not allowing exporting and backups. And password should still be an option.

Password can also very easily be stolen during phishing, while passkeys are phishing resistant.

And while a hardware passkeys can be stole and used, those who steal them will still need the pin to use them, and the two major hardware passkeys options now (Yubico and Token2) both have some pin brute force protection in their firmware to slow someone down long enough for an account to be secured another way.

As for passkeys on phones, they require the pin or biometric used to unlock the phones to be used.

"Difficult to recover from" was referencing setting all of your accounts back up. I should have also included "lost" and "broken" to make that more obvious. Many hardware (most? all?) passkeys do not allow for backup and restore.

But I do see an issue with stolen hardware passkeys being used for access too if they're a primary factor. With the mitigations you mentioned hopefully holding up.

Yeah, it’s not an uncommon use case to accidentally or even intentionally edit the database on two online devices - I do it all the time when I want a new login to be used on my laptop right after I signed up for some new website on my PC, and the laptop just happens to have an “unpushed” change from last evening, or I edit the new login’s metadata, or whatever.

With this, I’d have to keep a mental model of the versioning of each database and avoid even touching my phone like the plague if KeePass is open on my computer.

It’s not that big of a deal, it’ll probably be a problem once every few months, but it’s annoying to keep track of and worth talking about.