The Cryptography Behind Passkeys
12 comments · May 14, 2025 · labadal
hiatus
Can you expand on the vendor lock aspect? I have stored passkeys in my password manager, so they feel pretty portable to me. Is it that each service requires a unique passkey? That seems comparable to how each service would require its own TOTP seed.
supportengineer
Your password manager came from a vendor. As a thought exercise, switch vendors.
EnPissant
Bitwarden exports include passkeys.
yladiz
Unfortunately I don’t think there’s much to help with vendor lock-in directly (like, you may or may not be able to export the private key(s) depending on the tool, and in some cases it’s definitely not possible, like with a hardware key), but any website that supports passkeys supports WebAuthn in general, so you shouldn’t have difficulty migrating to another tool if desired, although you would need to register again.
supportengineer
For me, the only thing that makes passkeys viable is backing them up in the cloud and automatically syncing them across devices. Otherwise, I do not trust them.
TechDebtDevin
What do you use?
supportengineer
As the digital world becomes more sophisticated, and also a more integral part of everyone’s life, it behooves everyone to maintain a larger part of their wealth in a non-digital format. For example, equity in real estate or physical gold bars in a safe.
01HNNWZ0MV43FF
Or an investment, like VTSAX
null
I love passkeys. I love them being on my phone, requiring biometric authentication before unlocking. I just hate the vendor lock-in that comes with it.
Does anyone know the state of the standard wrt this? I know that they planned on doing something about it, just haven't kept up.