No, TPM isn’t involved here. There’s a few kinds of passkeys.
Hardware bound keys are locked up in a physical device like a TPM or a YubiKey. That physical device has its own security to unlock it- TPMs often work with fingerprints, or a YubiKey usually has a PIN (aka password).
A passkey can also be done in software, and that’s what’s happening here. BitWarden stores the encryption key within the BitWarden vault, so it can (eventually) be accessed by any device signed into your BitWarden account. Thus the same passkey works on your computer, laptop, phone, tablet, etc.
It’s worth noting that Google and Apple both do it this way- the passkey is stored in their password manager, and you use Face ID or fingerprint ID to unlock that.
They’ll probably interface the key exchange from TPM, pulling and storing keys as needed from the TPM to applications you use BW with.
No, TPM isn’t involved here. There’s a few kinds of passkeys.
Hardware bound keys are locked up in a physical device like a TPM or a YubiKey. That physical device has its own security to unlock it- TPMs often work with fingerprints, or a YubiKey usually has a PIN (aka password).
A passkey can also be done in software, and that’s what’s happening here. BitWarden stores the encryption key within the BitWarden vault, so it can (eventually) be accessed by any device signed into your BitWarden account. Thus the same passkey works on your computer, laptop, phone, tablet, etc.
It’s worth noting that Google and Apple both do it this way- the passkey is stored in their password manager, and you use Face ID or fingerprint ID to unlock that.
THat would make sense given that you’d want to be able to use it across other logged in devices.
Appreciate the explanation.
Most welcome :)