• @lmmarsano
    11 days ago

    loaded an HTML login page that had no discernible controls to use that Bitwarden passkey; expecting entirely for it to exist in my Apple keychain, which I never use

    I use Bitwarden, yet not macOS/iOS. Whenever a passkey dialog from the wrong authenticator comes up, I choose the "other" option to redirect to a device running Bitwarden: I see macOS & iOS offer similar controls. However, Bitwarden’s passkey dialog (section with links to configuring that) usually pops up, so that isn’t necessary.

    But if that’s the case, how can I guarantee any other accounts I move over won’t fuck it up somewhere?

    Save a recovery code in Bitwarden (add a hidden-type field named Recovery code to the login entry)? That’s standard practice for me, though I’ve never needed them.

    I haven’t seen anyone get the concept of passwords wrong

    I have control of the copy-paste function and can even type a password myself if needed

    I’ve seen forms disable paste. Much can go wrong with passwords. Passwords require sharing & transmitting a secret (a symmetric key), which either party can fail to secure. Passkeys, however, never transmit secrets. Instead, they transmit challenges using asymmetric cryptography. The application can’t fail to secure a secret it never has. Far more secure, and less to go wrong.

    The password field is a more manual, error-prone user interface. With passkeys/WebAuthn, you instead supply a key that isn’t transmitted: easier than passwords when set up correctly, & nothing to do until it’s set up correctly.

    Similar situation with ssh: though it can accept passwords, ssh key authentication is way nicer & more secure.