Where Are Passkeys Stored in Windows?

Where Are Passkeys Stored in Windows?#

Passkeys in Windows are stored either locally in the device's Trusted Platform Module (TPM) when using Windows Hello or within a third-party password manager that syncs across devices.

Passkeys in Windows are stored locally in the TPM with Windows Hello or within third-party password managers.
Windows Hello stores passkeys securely on the device, using the TPM for enhanced protection.
Third-party password managers store passkeys in their own vault, allowing cross-platform access and synchronization.

Passkeys and Windows Hello#

Windows leverages Windows Hello for local passkey storage. When a passkey is created using Windows Hello, it is securely stored on the device within the Trusted Platform Module (TPM). The TPM is a hardware component designed to provide a higher level of security by isolating cryptographic operations and storing keys in a tamper-resistant environment.

As of August 2024, when using Windows Hello, the passkey is never shared or stored in the cloud. However, this also means that the passkey is tied to the specific device. If you want to access the same account from another device, you must set up a new passkey on that device.

Passkeys and Third-Party Password Managers#

For users who prefer cross-platform access to their passkeys, third-party password managers offer a flexible alternative. These tools store passkeys in their own encrypted vaults, which can be synced across multiple devices and platforms. This means that if you store a passkey in a password manager, you can access it on any device where the password manager is available and synced.

Popular password managers like Dashlane, 1Password, and Bitwarden provide this functionality, ensuring that your passkeys are accessible wherever you need them, regardless of the operating system.

Security Considerations#

Local Storage in TPM: Ensures that passkeys are protected by the device’s hardware.
Password Manager Storage: Provides convenience and cross-platform accessibility but relies on the security of the password manager itself.
Device-Specific Passkeys: With Windows Hello, passkeys are device-specific, meaning they cannot be used across multiple devices unless a password manager is employed.

Choosing between these options depends on your need for convenience versus security. Windows Hello is ideal for users prioritizing security on a single device, while password managers are suited for those needing access across different platforms.

The Corbado Passkey Benchmark 2026 passkey enrollment rate analysis reports Q1 2026 first-try web passkey enrollment at 25–39% on Windows versus 49–83% on iOS, 41–65% on macOS and 41–67% on Android across large-scale B2C deployments. Two storage-architecture factors keep the Windows web band low: Windows Hello does not yet sync natively across devices, and it is not a Conditional Create path that turns a successful password sign-in into an automatic passkey upgrade.

About Corbado

Corbado is the Passkey Intelligence Platform for CIAM teams running consumer authentication at scale. We help you see what IDP logs and generic analytics tools can't: which devices, OS versions, browsers and credential managers support passkeys, why enrollments don't turn into logins, where the WebAuthn flow fails and when an OS / browser update silently breaks login, all without replacing Okta, Auth0, Ping, Cognito or your in-house IDP. Two products: Corbado Observe layers observability for passkeys and any other login method. Corbado Connect adds managed passkeys with analytics built in (alongside your IDP). VicRoads runs passkeys for 5M+ users with Corbado (+80% passkey activation). Talk to a Passkey Expert →