| Passkeys do have a (partial) solution to this problem: multi-device credentials. See the videos at the bottom of [1]. Say you install an app/visit a website on your phone and register an account with a passkey. My current understanding is that on iOS 16, the passkey lives in your iCloud keychain. If you want to sign in on a Mac on Safari, you can just visit the website and the discoverable credential from your phone will appear when you try to log into the site with webauthn. The website will be able to tell that you're logging in from a new device and optionally require additional authentication. If you want to sign in on a device that doesn't have access to your keychain, you can use your phone as an authenticator over a combination of Bluetooth and a tunnel server by scanning a QR code on that device with your phone. The site is then supposed to prompt you to register the new device with whatever its local passkey solution is. The best source I could find for how this protocol works at a technical level is an episode of "Security. Cryptography. Whatever" on passkeys. I guess the specs aren't exactly public yet (at least since I last checked) and are only available to fido alliance members. I've been trying to work on figuring out ways to build a "passkey manager" of sorts to live up to the potential webauthn offers with hardware-backed credentials that are also synced and backed up (to an offsite key). As far as I can tell, as mentioned in another comment, this just doesn't seem to be a priority for the fido alliance, which is a real shame. I'm cautiously waiting to see how 1Password deals with passkeys, given that they're one of the few FIDO members with a vested interest in being cross platform, but I'm betting they'll just implement a software keystore built into their current vaults without any hardware backing. [1] https://fidoalliance.org/multi-device-fido-credentials/ |