Where Are Passkeys Stored in Windows?
Vincent
Created: August 22, 2024
Updated: September 10, 2024
Where Are Passkeys Stored in Windows?#
Passkeys in Windows are stored either locally in the device's Trusted Platform Module (TPM) when using Windows Hello or within a third-party password manager that syncs across devices.
- Passkeys in Windows are stored locally in the TPM with Windows Hello or within third-party password managers.
- Windows Hello stores passkeys securely on the device, using the TPM for enhanced protection.
- Third-party password managers store passkeys in their own vault, allowing cross-platform access and synchronization.
Passkeys and Windows Hello#
Windows leverages Windows Hello for local passkey storage. When a passkey is created using Windows Hello, it is securely stored on the device within the Trusted Platform Module (TPM). The TPM is a hardware component designed to provide a higher level of security by isolating cryptographic operations and storing keys in a tamper-resistant environment.
As of August 2024, when using Windows Hello, the passkey is never shared or stored in the cloud. However, this also means that the passkey is tied to the specific device. If you want to access the same account from another device, you must set up a new passkey on that device.
Passkeys and Third-Party Password Managers#
For users who prefer cross-platform access to their passkeys, third-party password managers offer a flexible alternative. These tools store passkeys in their own encrypted vaults, which can be synced across multiple devices and platforms. This means that if you store a passkey in a password manager, you can access it on any device where the password manager is available and synced.
Popular password managers like Dashlane, 1Password, and Bitwarden provide this functionality, ensuring that your passkeys are accessible wherever you need them, regardless of the operating system.
Security Considerations#
- Local Storage in TPM: Ensures that passkeys are protected by the device’s hardware.
- Password Manager Storage: Provides convenience and cross-platform accessibility but relies on the security of the password manager itself.
- Device-Specific Passkeys: With Windows Hello, passkeys are device-specific, meaning they cannot be used across multiple devices unless a password manager is employed.
Choosing between these options depends on your need for convenience versus security. Windows Hello is ideal for users prioritizing security on a single device, while password managers are suited for those needing access across different platforms.
Share this article
Enjoyed this read?
🤝 Join our Passkeys Community
Share passkeys implementation tips and get support to free the world from passwords.
🚀 Subscribe to Substack
Get the latest news, strategies, and insights about passkeys sent straight to your inbox.
We provide UI components, SDKs and guides to help you add passkeys to your app in <1 hour
