@james
Using Bitwarden means keeping your secret on a potentially compromised device. Better to use a hardware key.
The problem with both YubiKey and Nitrokey is that if you lose the device, you lose the key. Big problem.
The fact that you cannot recover a passkey makes those devices a pass from us. Or at least, they must be used in a far more careful and limited fashion - i.e., fallback to email recovery - than what would otherwise be the case (sovereign recovery).
With Trezor - and other hardware wallets that use deterministic WebAuthn - you can recover from a seed. This means that the loss of a device is not catastrophic.
EDIT: Am reading the Trezor forums and apparently they do support Passkeys, it's just that the Resident Key is encrypted with the seed, and not deterministically generated. So for recovery, you just back up the file using regular cloud storage.
Looking forward to testing it on cloudron, and letting you all know the results.
https://trezor.io/guides/bonus-tools/what-is-fido2