[nailer]

I think it's webauthn, same thing being used here. Local device has a keystore, you can access it with face, fingerprint, PIN etc.

[lost_tourist]

what happens when you inevitably lose said device and/or it lets out the magic smoke?

[dagnelies]

Hi, sorry for the late reply. That is why in the screenshots you see the part with "account recovery options". Although there is the classical way with emails/sms, the other way would be to register an additional device for the account, for example by scanning a QR code, like in the screenshots.

Moreover, Google/Apple/Microsoft password's manager may sync your passkeys/credentials across your devices if enabled.

[nailer]

My understanding is that something in the TPM cannot be exported.

https://learn.microsoft.com/en-us/windows/security/identity-...

https://learn.microsoft.com/en-us/windows/security/informati...