- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
Passkeys: how do they work? No, like, seriously. It’s clear that the industry is increasingly betting on passkeys as a replacement for passwords, a way to use the internet that is both more secure and more user-friendly. But for all that upside, it’s not always clear how we, the normal human users, are supposed to use passkeys. You’re telling me it’s just a thing… that lives on my phone? What if I lose my phone? What if you steal my phone?
By default the big three (Chrome, Safari, Edge) store them via their normal syncing processes (Google Passwords, iCloud Keychain, Edge’s password manager). If you use a different password manager (e.g. Bitwarden) it’s handled by their normal processes (cloud, syncing a database file, etc). I don’t believe there is a way to export a passkey from most of these at the moment but you can almost always have multiple passkeys attached to an online account so you can always just add your new password manager to your account as another passkey.
There is a way to use a key backed by the hardware that is not exportable such as using a TPM or a physical USB security key but I believe that most are pushing the synced ones for the convenience of the end user.