by yencabulator 920 days ago
Passkeys are the opposite of "private key in a mini-HSM" in that they're synced to a cloud provider.

The goals of this whole thing have shifted, and it's hard to keep track of what was aiming at what goal. It started out as "actually secure 2FA" and now we're at "cloud-synced unphishable password replacements for non-technical users".

2 comments

It depends if you use a hardware token or a password manager that supports Passkeys.

If it's the hardware token, then the "certificate" (which can either contain your username or not, aka discoverable vs non-discoverable credentials), that private key required for authentication, will be stored in the secure element and cannot be extracted (until an exploit is found).

I’m not an expert in these protocols, but it’s the public key that is synced. There is no need for the private key leaving the device, in “asymmetric authentication”.

Syncing the private key is like “symmetric authentication”, where the hashed password is sent to the website. That’s the old way of authentication.

"Passkeys" are backed up into Google/Apple/1Password cloud. You can grab a fresh laptop and download your synced passkeys into it, and log in from there.

That being possible means the private key material has to be backed up, as opposed to being permanently locked into an HSM like Yubikey.

No, only the public key has to be synced for that to be possible :)

Think of ssh keys. Only your public key has to be transferred to the server for you to log in.

Take laptop A. With it, use a passkey to log into a website. Sync passkey with the FAANG of your choice. Destroy laptop A.

Take laptop B. Log in to your FAANG of choice, syncing passkeys locally. Use laptop B to log into the same website.

Your FAANG of choice saw much more than a public key, for that to be possible. That might have been encrypted by something like your password to the FAANG, but still, it's the opposite of a tamperproof HSM.
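The laptop A / laptop B scenario discussed in this thread, as an added example that is not part of any comment above: a site that stores only the public key accepts a login only from a device that can sign its challenge. The Ed25519 key type, the scrypt/AES-GCM wrapping and all function names are assumptions made for illustration; they are not any provider's actual sync scheme.

```javascript
// Added example with constructed values; no real passkey provider API is used.
const nodeCrypto = require('node:crypto');

// Laptop A registers: the key pair is made on the device, the site keeps the public key.
function register() {
  return nodeCrypto.generateKeyPairSync('ed25519');
}

// Login: the site issues a random challenge and checks the signature
// against the public key it stored at registration.
function login(sitePublicKey, deviceKey) {
  const challenge = nodeCrypto.randomBytes(32);
  let signature;
  try {
    signature = nodeCrypto.sign(null, challenge, deviceKey);
  } catch (err) {
    return false; // a device holding only the public key cannot sign
  }
  return nodeCrypto.verify(null, challenge, sitePublicKey, signature);
}

// Assumed sync model: the private key is wrapped under a key derived from a
// sync secret, and the wrapped blob is what the cloud provider stores.
function wrapForSync(privateKey, syncSecret) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const kek = nodeCrypto.scryptSync(syncSecret, salt, 32);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', kek, iv);
  const der = privateKey.export({ type: 'pkcs8', format: 'der' });
  const ct = Buffer.concat([cipher.update(der), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Laptop B downloads the blob and recovers the same private key.
function unwrapOnNewDevice(blob, syncSecret) {
  const kek = nodeCrypto.scryptSync(syncSecret, blob.salt, 32);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', kek, blob.iv);
  decipher.setAuthTag(blob.tag); // a wrong secret makes final() throw
  const der = Buffer.concat([decipher.update(blob.ct), decipher.final()]);
  return nodeCrypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
}

function demo() {
  const a = register();
  const blob = wrapForSync(a.privateKey, 'constructed-sync-secret');
  const keyOnB = unwrapOnNewDevice(blob, 'constructed-sync-secret');
  return { laptopA: login(a.publicKey, a.privateKey),
           publicKeyOnly: login(a.publicKey, a.publicKey),
           laptopB: login(a.publicKey, keyOnB) };
}
console.log(demo());
```

In this model the provider holds ciphertext of the private key, so the protection of the credential rests on the strength of the sync secret and the provider's handling of the blob rather than on a non-extractable hardware element.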