Passkeys have gained attention thanks to support from Apple and Google, and they promise resistance to phishing and to server breaches. A passkey is created by the browser through WebAuthn and authenticates the user with a public/private key pair. WebAuthn specifies an API for browser authentication. Passkeys mainly aim to solve the backup problem faced by hardware security keys. However, information on how passkeys are generated, stored, and secured is limited. Passkeys are not yet synchronized between different ecosystems such as Apple and Android. Bitwarden recently implemented passkey support, which allows end-to-end encrypted synchronization across devices. Private keys can be exported in JSON format, which gives users flexibility.
https://research.kudelskisecurity.com/2024/03/14/passkeys-under-the-hood/
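
The phishing and server-breach resistance mentioned above comes from the checks a WebAuthn relying party runs on each sign-in. The following is an added example, not code from the linked article or from any vendor: a Node.js simulation of an authenticator and a relying party, in which the RP ID, the origins and all function names are constructed for illustration.

```javascript
// Added example (simulation): the RP ID, origins and key pairs are constructed.
const { createHash, generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');
const sha256 = (data) => createHash('sha256').update(data).digest();

// Authenticator side: sign authenticatorData || SHA-256(clientDataJSON).
function getAssertion(privateKey, rpId, origin, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get',
    challenge: challenge.toString('base64url'),
    origin, // written by the browser, not by the page's script
  }));
  // rpIdHash (32 bytes) | flags (0x01 = user present) | signCount (4 bytes, 0)
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([0x01]), Buffer.alloc(4)]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: sign('sha256', signed, privateKey) };
}

// Relying-party side: every check uses only the stored public key.
function verifyAssertion(assertion, expected, storedPublicKey) {
  const { clientDataJSON, authenticatorData, signature } = assertion;
  const clientData = JSON.parse(clientDataJSON.toString('utf8'));
  if (clientData.type !== 'webauthn.get') return 'bad type';
  if (clientData.challenge !== expected.challenge.toString('base64url')) return 'bad challenge';
  if (clientData.origin !== expected.origin) return 'bad origin';
  if (!authenticatorData.subarray(0, 32).equals(sha256(expected.rpId))) return 'bad rpIdHash';
  if ((authenticatorData[32] & 0x01) === 0) return 'user not present';
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return verify('sha256', signed, storedPublicKey, signature) ? 'ok' : 'bad signature';
}

function runScenarios() {
  // Registration: the server database holds publicKey only.
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const expected = { rpId: 'login.example', origin: 'https://login.example', challenge: randomBytes(32) };
  const genuine = getAssertion(privateKey, expected.rpId, expected.origin, expected.challenge);
  // Constructed case: clientDataJSON records a lookalike origin.
  const lookalike = getAssertion(privateKey, expected.rpId, 'https://login-example.test', expected.challenge);
  // Constructed case: an assertion made for an earlier challenge is presented again.
  const replayed = getAssertion(privateKey, expected.rpId, expected.origin, randomBytes(32));
  // Constructed case: clientDataJSON rewritten after signing to show the expected origin.
  const edited = { ...lookalike, clientDataJSON: Buffer.from(
    lookalike.clientDataJSON.toString().replace('login-example.test', 'login.example')) };
  // Constructed case: signer knows the stored public key but holds a different private key.
  const other = generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const forged = getAssertion(other.privateKey, expected.rpId, expected.origin, expected.challenge);
  return Object.fromEntries(Object.entries({ genuine, lookalike, replayed, edited, forged })
    .map(([name, a]) => [name, verifyAssertion(a, expected, publicKey)]));
}
console.log(runScenarios());
```

In a real browser the credential is also scoped to the RP ID, so it is not offered to a lookalike origin in the first place; the server-side origin check shown here is the second layer.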