by WorldMaker 1253 days ago
Sites should likely let you enroll multiple such passkeys from different vendors (add a Microsoft Account passkey from your PC, a Google one from your Chromebook, etc).

Apple already supports Keychain sync with Edge on Windows and I believe that already supports Passkey access.

Also, I believe I heard a rumor that "Sign in with Apple" (their existing OpenID Connect account system) will also eventually support helping you enroll non-Apple devices to Passkeys in apps that support both Passkeys and "Sign in with Apple", though I don't know if there is yet a timeframe on that sort of support.

1 comments

> Sites should likely let you enroll multiple such passkeys from different vendors (add a Microsoft Account passkey from your PC, a Google one from your Chromebook, etc).

This sounds good, except how would it actually work?

I register on my iPhone, it uses a key kept on that phone/iCloud. I log in via Safari on macOS and it works because of iCloud sync.

Now I go to log in using Edge on Windows. How can the website find out that I'm the same user as the iPhone/Safari user since I can't sync my key, and I can't enroll my MS Hello ID (or whatever Windows uses) on my Mac or iPhone?

There is a cross-device system to sign in, using QR and proximity checks.

Once the user has signed in, a modality check shows that they logged in with another device, while a capability check shows that they _could_ have authenticated with the local device if it had been registered. This may trigger the site to prompt them to register the local device as a second mechanism (or they may just go to the self-service account management tab to do it themselves).
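
The flow in the last comment, sketched as an added example that is not part of the thread or any site's own code. It assumes the modality check maps to the WebAuthn `authenticatorAttachment` field on the sign-in result and the capability check to `PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable()`; the function names and the `server` object are hypothetical.

```javascript
// Added example; decideEnrollmentPrompt, buildLocalRegistrationOptions,
// maybeEnrollLocalDevice and the `server` object are hypothetical names.

// Modality (how the user just signed in) plus capability (what this device can do).
function decideEnrollmentPrompt(attachment, platformAvailable) {
  // "platform": this device's own passkey was used, nothing to offer.
  if (attachment === "platform") return "none";
  // No user-verifying platform authenticator here, so nothing to register.
  if (!platformAvailable) return "none";
  // "cross-platform": a roaming authenticator, e.g. the phone used via the QR flow.
  if (attachment === "cross-platform") return "offer-local-passkey";
  // null/undefined: the browser did not report modality, so do not prompt.
  return "none";
}

// Registration options for a second passkey on the SAME account. The site knows
// it is the same user because this runs inside the session the phone just
// authenticated; user.id and challenge come from the server for that session.
function buildLocalRegistrationOptions(server) {
  return {
    rp: server.rp,
    user: server.user,
    challenge: server.challenge,
    pubKeyCredParams: [
      { type: "public-key", alg: -7 },   // ES256
      { type: "public-key", alg: -257 }, // RS256
    ],
    authenticatorSelection: {
      authenticatorAttachment: "platform", // register this device, not the phone again
      residentKey: "required",
      userVerification: "required",
    },
    // Skip authenticators that already hold a credential for this account.
    excludeCredentials: server.existingIds.map((id) => ({ type: "public-key", id })),
  };
}

// Browser glue: `assertion` is the result of navigator.credentials.get().
// A real page would ask the user before calling create().
async function maybeEnrollLocalDevice(assertion, server, env = globalThis) {
  const available =
    await env.PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable();
  const decision = decideEnrollmentPrompt(assertion.authenticatorAttachment, available);
  if (decision !== "offer-local-passkey") return null;
  return env.navigator.credentials.create({
    publicKey: buildLocalRegistrationOptions(server),
  });
}
```

The server must accept the new credential only for the account bound to the current authenticated session, and only against the challenge it issued for that session.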