Storing WebAuthn Credentials in Password Managers
Last updated
Last updated
Many modern devices now ship with dedicated internal hardware chips called trusted execution environments (TEEs) for generating and signing with cryptographic secrets. By default, when available, WebAuthn will use these resources to generate passkeys and signatures as they are the most secure method for storing sensitive cryptographic material.
That said, not every consumer device is equipped with this specialized hardware. Furthermore, despite the fact that WebAuthn is projected to have over 96% coverage across consumer devices, some operating systems, including certain Linux distributions like Ubuntu, may not have full support for storing passkeys.
In these cases, we recommend using password managers like 1Password, Bitwarden or Dashlane. You can instruct users on unsupported devices to download and install the official chrome extensions from the webstore at the links above. They can then use the extensions to securely persist their passkeys as shown below.
Set up an account, log in, and then make sure passkeys are enabled in the extension. Click the menu dropdown and then Settings:
Then select Autofill and ensure "Offer to save and sign in with passkeys" is selected:
Here is a video showing the full passkey generation UX with 1Password:
Set up an account, log in, and then make sure passkeys are enabled in the extension. Click the Settings menu, then Options:
Then ensure "Ask to save and use passkeys" is selected:
Here is a video showing the full passkey generation UX with Bitwarden: