- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
tl;dr: passkeys, as proposed now, will fill up existing fido2/webauthn authenticators if the feature becomes widespread enough. this is because the feature of “passkeys” actually refer to resident keys, which most authenticators today can only store a limited amount of (some, none at all!). preventing this will require changes to either webauth, fido, or passkey libraries.
I believe password managers are getting the ability to store passkeys, bitwarden is rolling it out as a new feature soon. Here’s their announcement: https://bitwarden.com/blog/what-are-passkeys-and-passkey-login/
Interesting! I wonder if they’re actually storing the keys in the cloud or if they’re just using Bitwarden as a way to sync keys between hardware.
In any case, it seems like your original suggestion is a good one. Thanks for the info!
1Password also: https://www.future.1password.com/passkeys/