Gabriel NJul 9, 2024

How well are #Passkeys protected on Android / Google Password Manager?

According to this article, on Mac/iOS it relies on the Keychain and Hello on Windows, while not perfect it feels like it would offer some resistance against stealers where they would at least need to prompt the user vs silently being able to extract them?

But how about #Android and #malware ? I would assume it's equally well protected but I can't find any information.

Show threadGabriel N

Ok found a blog post explaining it, from my reading it's equally good (or bad) as the Apple one.

So I'm going to put in the #passwordpolicy that synced passkeys are OK.

But I'd love for someone with real experience extracting/stealing these to tell me why I'm wrong about this and why it'll get us hacked.

Security of Passkeys in the Google Password Manager

Posted by Arnar Birgisson, Software Engineer We are excited to announce passkey support on Android and Chrome for developers to test today, ...

Google Online Security Blog
Jul 9, 2024 at 11:35amWeb