Where are Passkeys Stored in Chrome?

Where Are Passkeys Stored in Chrome?#

Passkeys in Chrome are stored differently depending on the operating system. On macOS, they can be stored in the Chrome profile or iCloud Keychain; on iOS, they are saved in the iCloud Keychain or third-party password managers. Windows stores passkeys in Windows Hello or third-party password managers, while Android saves them in Google Password Manager or third-party password managers.

---

Storing Passkeys in Chrome Across Operating Systems#

Chrome, as a browser, integrates with various operating systems to store passkeys securely. The storage location and method depend significantly on the underlying operating system:

macOS#

• Chrome Profile (Not Synced): On macOS, users have the option to store passkeys locally within their Chrome profile. These passkeys are not synced across devices and are securely stored in the Secure Enclave.
• iCloud Keychain (Synced): Alternatively, passkeys can be stored in iCloud Keychain, allowing them to be synced across all Apple devices. The Secure Enclave is also used to safeguard these passkeys.

iOS#

• iCloud Keychain (Synced): On iOS devices, passkeys are stored in iCloud Keychain, making them accessible across all Apple devices. Like on macOS, the Secure Enclave is utilized for protection.
• Third-Party Password Managers (Synced): Users can also choose to store passkeys in third-party password managers, which are synced across devices.

Windows#

• Windows Hello (Not Synced): For Windows users, passkeys are stored locally using Windows Hello. These passkeys are not synced and are protected by the Trusted Platform Module (TPM).
• Third-Party Password Managers (Synced): Similar to iOS, Windows users can opt to store their passkeys in third-party password managers, allowing for synchronization across multiple devices.

Android#

• Google Password Manager (Synced): Android devices store passkeys in Google Password Manager, ensuring they are synced across devices. The Trusted Execution Environment (TEE) provides robust security for these passkeys.
• Third-Party Password Managers (Synced): Android users also have the option to use third-party password managers for storing and syncing passkeys.

Technical Considerations#

When considering where to store passkeys in Chrome, it's important to understand the security implications:

• Secure Enclave (macOS/iOS): A dedicated security processor used to protect sensitive information like passkeys.
• Trusted Platform Module (Windows): A specialized chip that secures hardware through integrated cryptographic keys.
• Trusted Execution Environment (Android): An isolated environment that runs in parallel to the main operating system, safeguarding sensitive information.

Each storage method offers different levels of security and convenience. For instance, storing passkeys in a non-synced environment (like Windows Hello or a local Chrome profile) offers higher security but less convenience. In contrast, syncing passkeys across devices through services like iCloud Keychain or Google Password Manager provides ease of use but with slightly different security considerations.

---

About Corbado

Corbado is the Passkey Intelligence Platform for CIAM teams running consumer authentication at scale. We help you see what IDP logs and generic analytics tools can't: which devices, OS versions, browsers and credential managers support passkeys, why enrollments don't turn into logins, where the WebAuthn flow fails and when an OS / browser update silently breaks login, all without replacing Okta, Auth0, Ping, Cognito or your in-house IDP. Two products: Corbado Observe layers observability for passkeys and any other login method. Corbado Connect adds managed passkeys with analytics built in (alongside your IDP). VicRoads runs passkeys for 5M+ users with Corbado (+80% passkey activation). Talk to a Passkey Expert →