Learn when passkeys are stored in a secure system. Understand how passkeys work in user authentication and ensure your app’s security.
Vincent
Created: August 23, 2024
Updated: August 13, 2025
Passkeys are stored on the user’s device after being created during the WebAuthn registration process. The cryptographic keys are securely stored within hardware-backed storage like the Trusted Platform Module (TPM) on desktops or the Secure Enclave on iOS devices.
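The other side of registration is what the relying party ends up holding: a credential ID and a public key, never the private key. The sketch below is an added example, not code from the original page. It parses the authenticator data of a registration response following the WebAuthn byte layout; the function names and the sample bytes are constructed for illustration.

```javascript
// Bits of the authenticator data flags byte used here (WebAuthn spec).
const FLAGS = { UP: 0x01, UV: 0x04, AT: 0x40 };

const hex = (bytes) =>
  Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");

// Parse registration authenticator data into the record a relying party
// stores. Nothing in this structure contains private key material.
function parseRegistrationAuthData(authData) {
  // rpIdHash(32) + flags(1) + signCount(4) + aaguid(16) + credIdLen(2) = 55
  if (!(authData instanceof Uint8Array) || authData.length < 55) {
    throw new Error("authenticator data too short for a registration");
  }
  const flags = authData[32];
  if (!(flags & FLAGS.AT)) {
    throw new Error("AT flag clear: no attested credential data present");
  }
  const view = new DataView(authData.buffer, authData.byteOffset, authData.byteLength);
  const credIdLen = view.getUint16(53); // big-endian length prefix
  const credIdEnd = 55 + credIdLen;
  if (credIdLen === 0 || credIdEnd >= authData.length) {
    throw new Error("credential ID length out of bounds");
  }
  return {
    rpIdHash: hex(authData.subarray(0, 32)),
    userPresent: Boolean(flags & FLAGS.UP),
    userVerified: Boolean(flags & FLAGS.UV),
    signCount: view.getUint32(33),
    aaguid: hex(authData.subarray(37, 53)),
    credentialId: hex(authData.subarray(55, credIdEnd)),
    // COSE public key in CBOR, left undecoded; extension data may follow it.
    cosePublicKey: authData.subarray(credIdEnd),
  };
}

// Constructed sample: not captured from a real authenticator.
function buildSampleAuthData() {
  const credId = [0x01, 0x02, 0x03, 0x04];
  const coseStub = [0xa5, 0x01, 0x02, 0x03, 0x26]; // truncated placeholder key
  return Uint8Array.from([
    ...new Array(32).fill(0x11),            // rpIdHash
    FLAGS.UP | FLAGS.UV | FLAGS.AT,         // flags = 0x45
    0, 0, 0, 0,                             // signCount
    ...new Array(16).fill(0x00),            // aaguid
    0x00, credId.length, ...credId, ...coseStub,
  ]);
}

console.log(parseRegistrationAuthData(buildSampleAuthData()));
```

In a real deployment the `cosePublicKey` bytes would be CBOR-decoded and stored alongside `credentialId` so later sign-in assertions can be verified against them.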
When a passkey is generated, it consists of a public key and a private key. The private key is securely stored on the user's device, often in hardware-backed storage:
Passkeys are stored immediately after they are created during the registration process. This usually happens the first time a user signs up for a service using passkeys. Here's a step-by-step process:
The storage method of passkeys is designed to prevent unauthorized access and ensure that even if a device is compromised, the passkey remains protected: