undefined | Better HN

0 pointsSheinhardtWigCo2y ago0 comments

It is special - it should be a reference to an asymmetric key stored in hardware. But it's not clear whether they are actually doing this.

0 comments

ryan292y ago

Some snippets from the FAQ [1].

> The public key is stored on the website and the private key is stored on your device or in your passkey provider, e.g. your Bitwarden Vault.

> Passkeys are often able to sync across your devices, however not all platforms support this yet.

So it sounds like it's not stored in hardware. It'll be interesting to see how it works if solutions that use a TPM or similar start to emerge. I have nearly 1000 passwords and many of them are shared with colleagues, parents, siblings, etc.. I can't even imagine a way you could make that work if the private key is owned by a TPM (aka a hardware bound key) and needs to be enrolled somehow prior to becoming usable.

What happens if I have 500 passkeys backed by keys in a TPM and I get a new computer?

1. https://bitwarden.com/resources/passkeys-faq/

tw042y ago

> What happens if I have 500 passkeys backed by keys in a TPM and I get a new computer?

In theory the same thing that happens today with a yubikey - you have multiple devices with valid keys.

Groxx2y ago

A big part of passkeys is that they are (often) not in hardware, so they can be synced.

SV_BubbleTime2y ago

If it is just a pointer a hardware, even more reason to let you export it.

m-p-32y ago

The idea is that the key never, EVER leave the hardware or password manager. What you do is have multiple Passkeys on separate devices per account.

Kind of like how you should generate SSH private keys on the local machine and never leave this particular system, and you then add their public keys to the server you will connect to. You can them revoke access to each machine independently.

j / k navigate · click thread line to collapse