A Trusted Platform Module (TPM) is a specialized security microchip that provides a
hardware-based approach to managing credentials and cryptographic keys, including those
associated with passkeys. The chip includes multiple physical security mechanisms to make
it tamper-resistant, and malicious software is unable to tamper with the security
functions of the TPM. Key functions of a TPM include:
- Key generation: Generates secure and unique cryptographic keys, such as those used for passkeys.
- Remote attestation: Creates a certificate of a device's authenticity that can be used
to ensure that a system is trusted and has not been tampered with or substituted.
- Sealed storage: Encrypts data in such a way that it can be decrypted only on the same
TPM, ensuring data security.
- Platform integrity: A TPM can store platform measurements that help ensure that the
platform remains trustworthy.
Key Takeaways
- A Trusted Platform Module (TPM) is a security chip that provides a secure
environment for storing cryptographic keys used in passkeys.
- TPMs add an extra layer of security for passkeys, preventing them from being exposed
even if a device is compromised.
- Passkeys stored in TPMs play a crucial role in enabling secure, passwordless
authentication methods like WebAuthn.
- The presence of a TPM can be a critical factor in the smooth functioning and security
assurance of authentication systems that employ passkeys.
In the context of passkeys and authentication, the Trusted Platform Module (TPM) offers
significant benefits:
Security
The TPM's secure cryptoprocessor capabilities ensure that passkeys, which are a part of
modern authentication protocols like WebAuthn, are stored in a tamper-resistant way. This
security is critical as it helps to prevent phishing and other forms
of account compromise.
Authentication
With the increasing adoption of passwordless authentication methods, TPMs provide a
hardware anchor for the cryptographic operations needed to create and use passkeys. This
makes the authentication process both secure and user-friendly.
Integrity
TPMs can verify the integrity of the authentication process by ensuring that the passkeys
are untampered and genuine, providing a trustworthy mechanism for user verification.
Standardization
TPM technology is standardized across devices and platforms, offering a universal solution
for secure authentication processes. This standardization is key for cross-platform
compatibility and interoperability in authentication systems.
What is a TPM and why is it important?
- A TPM is a secure microcontroller that provides hardware-based security functions. It's
important because it protects a computer by integrating cryptographic keys into devices,
offering a hardware-based approach to security that can bolster system integrity and
authenticate user access.
How does a TPM enhance security?
- A TPM enhances security by providing secure generation and storage of cryptographic
keys, protecting against unauthorized software modification, and ensuring data security
through its sealed storage capabilities.
What role does TPM play in authentication?
- TPMs are instrumental in authentication by storing cryptographic keys that are used in
authentication protocols like passkeys and WebAuthn, ensuring that user credentials are
not only secure but also remain confidential.
Is a TPM required for passkeys?
- A TPM is not strictly required for passkeys, but it greatly enhances the security of
passkey storage and management. Passkeys can be used in conjunction with TPM to provide
a more robust authentication mechanism.
Does my PC have a TPM?
- To determine if your PC has a TPM, you can check the BIOS or UEFI settings, use the
Windows Device Manager, or run a command in the operating system's command prompt or
PowerShell to query the TPM status.
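The PowerShell route mentioned above, as an added example that is not part of the original page: it combines the built-in `Get-Tpm` cmdlet with the `Win32_Tpm` CIM class to report whether a TPM is present, ready for use, and which specification version it implements. The function name `Get-TpmSummary` is hypothetical, and the session is assumed to be elevated.

```powershell
# Added example (not from the original page): summarize TPM state on Windows.
# Run in an elevated PowerShell session; both queries need administrator rights.
function Get-TpmSummary {
    [CmdletBinding()]
    param()

    $summary = [ordered]@{
        Present      = $false
        Ready        = $false
        Enabled      = $false
        Owned        = $false
        Manufacturer = $null
        SpecVersion  = $null
    }

    try {
        # Get-Tpm is part of the TrustedPlatformModule module shipped with Windows.
        $tpm = Get-Tpm -ErrorAction Stop
        $summary.Present      = [bool]$tpm.TpmPresent
        $summary.Ready        = [bool]$tpm.TpmReady
        $summary.Enabled      = [bool]$tpm.TpmEnabled
        $summary.Owned        = [bool]$tpm.TpmOwned
        $summary.Manufacturer = $tpm.ManufacturerIdTxt
    }
    catch {
        Write-Warning "Get-Tpm failed (session not elevated?): $($_.Exception.Message)"
    }

    try {
        # Win32_Tpm reports the supported TCG specification as a comma-separated
        # string whose first field is the major.minor version.
        $wmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                               -ClassName Win32_Tpm -ErrorAction Stop
        if ($wmi) {
            $summary.SpecVersion = ($wmi.SpecVersion -split ',')[0].Trim()
        }
    }
    catch {
        Write-Warning "Win32_Tpm query failed: $($_.Exception.Message)"
    }

    [pscustomobject]$summary
}

Get-TpmSummary | Format-List
```

If `Present` is false on a machine that should have a TPM, check whether it is disabled in the BIOS or UEFI settings before concluding the hardware is missing.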
Can I add a TPM to my computer?
- Adding a TPM to a computer depends on the motherboard’s compatibility. Some motherboards
have a TPM header to which a TPM module can be added, while others may not support this
upgrade.
Can I see the passkeys in my TPM?
- No, you cannot directly view the passkeys stored in your TPM. The TPM is designed to
securely store and manage cryptographic keys, including passkeys, without exposing them
to users or software.
Do I need a TPM for WebAuthn?
- While a TPM is not an absolute requirement for WebAuthn, it is highly recommended. A TPM
can provide a secure environment for cryptographic operations that WebAuthn requires,
thus enhancing the security of the authentication process.
Are my passwords saved in the TPM?
- No, passwords are not saved in the TPM. The TPM manages cryptographic keys and other
security functions but does not store passwords. It may, however, help secure the
processes that verify passwords during user authentication.
