Comment by alasarmas

3 days ago

One major flaw in this approach is that the one-way channel (keyboard input) prevents the password manager from knowing if it is supplying credentials to the correct recipient. Phishing attacks are relatively common and users expect a password manager to know these things, even in situations like you have described where it’s clearly impossible. I think this is why this approach hasn’t succeeded in the marketplace and FIDO2/WebAuthn support seems to be table stakes.

Yeah, certainly a proper security module / passkey-type approach is ideal; it would be hard to justify all the bother of developing a Bluetooth typer if really the only use-case for it is legacy devices that are old enough to not have an OS supporting the client app, but new enough to still pair with a device pretending to be a Bluetooth keyboard.