Is Syncing Passkeys Across Devices Safe?

As safe as syncing passwords.

Passkeys promise more security and less hassle, but is syncing them across devices safe? Learn how password managers handle passkeys and what happens if a device is stolen.
Question: If one passkey is synced across multiple devices, what happens if one (like a laptop) is stolen?

Passwords are easy. We understand what it takes to make them more (or less) secure. Passkeys are a little harder to understand, partly because they depend more on behind-the-scenes security measures we don’t see.

Fortunately, the benefits and risks of sharing passkeys across multiple devices via a password manager are almost identical to doing the same with passwords.

TL;DR:

Syncing passkeys across devices

Syncing passkeys with a password manager is about as safe as syncing passwords with one. A thief would need to break into both your device and your vault to get them, which is extremely unlikely. With good security habits, syncing makes passkeys safe and easy to use.

Synchronized passkeys

Passkeys are designed to be unique to, and stored on, each device. So, for example, if you use passkeys for your Google account, then:

  • Setting up a passkey to sign in to Google on your computer creates one passkey that is stored on your computer.
  • Setting up a passkey to sign in to Google on your laptop creates a different passkey that is stored on your laptop.
  • Setting up a passkey to sign in to Google on your phone creates a third, unique passkey that is stored on your phone.

You need to set up a passkey for each device, typically by signing in some other more cumbersome way¹ and then responding “Yes” when the process completes and you’re offered the option to set up a passkey.

Some password vaults now allow you to store your passkey not on each device but in your password vault instead. As a result, you have one passkey for that account that you can use on any device (assuming your password vault is installed and unlocked on each device). This means:

  • You set up a passkey for an account only once.
  • Once your password vault synchronizes, you can sign in to that account using its passkey on any of your devices.

It’s quite convenient… exactly as convenient as letting your password vault hold usernames and passwords for accounts that don’t use passkeys.

That doesn’t mean there aren’t risks, though.


The risk

Let’s say you use your password manager to store passkeys and share them across devices, as I do using 1Password.

And let’s say that your laptop, which has your password manager installed, is stolen.

The thief would have to:

  • Break into your laptop. They’d have to figure out how to sign in as you and then run the password manager.
  • Break into the password manager. The only pragmatic way to do this is to have your master password. As the vault itself is stored encrypted, cracking it is impractical².
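
An added sketch (not from the original article, and not any password manager's actual code) of the argument so far: one passkey sealed inside a vault, the same encrypted blob present on every synced device, and nothing usable for a thief who lacks the master password. The scrypt, AES-256-GCM and Ed25519 choices, the sample passwords and all function names are assumptions made for illustration.

```javascript
// Toy synced vault holding one passkey private key (constructed example).
// Algorithms are illustrative assumptions, not taken from any product.
const crypto = require('node:crypto');

const MASTER = 'constructed example master password';

// Seal the vault contents under a key derived from the master password.
function sealVault(masterPassword, plaintext) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12);
  const key = crypto.scryptSync(masterPassword, salt, 32);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { salt, iv, body, tag: cipher.getAuthTag() };
}

// Returns the plaintext, or null when the password is wrong
// (the GCM authentication tag check fails in final()).
function openVault(masterPassword, blob) {
  const key = crypto.scryptSync(masterPassword, blob.salt, 32);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.iv);
  decipher.setAuthTag(blob.tag);
  try {
    return Buffer.concat([decipher.update(blob.body), decipher.final()]);
  } catch {
    return null;
  }
}

// The passkey is created once; the site keeps only the public key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const vaultBlob = sealVault(MASTER,
  privateKey.export({ type: 'pkcs8', format: 'der' }));

// Any device holding a synced copy of the blob can sign in, given the password.
function signIn(deviceBlob, masterPassword, challenge) {
  const der = openVault(masterPassword, deviceBlob);
  if (der === null) return false; // vault stays locked: nothing to sign with
  const key = crypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
  const signature = crypto.sign(null, challenge, key);
  return crypto.verify(null, challenge, publicKey, signature); // site-side check
}

const challenge = crypto.randomBytes(32); // fresh per sign-in attempt
console.log('phone, correct password:', signIn(vaultBlob, MASTER, challenge));
console.log('stolen laptop, guessed password:', signIn(vaultBlob, 'letmein', challenge));
```
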

There are scenarios where your own behavior can compromise both of those. For example,

  • If your laptop signs in automatically, and
  • You have a weak master password for your password manager, and
  • They steal your laptop while it’s running and you have a long auto-lock timeout for both the laptop and the password vault,

then you’ve arranged a potential perfect storm. But the laptop and the password vault would both need to be compromised, or access couldn’t happen.

It’s all pretty darned unlikely.

Here’s the thing: nothing about what I’ve just described is unique to passkeys.

Passkeys aren’t the issue

The compromise I described above applies equally to accounts that use passwords. In other words, it applies to all the accounts you use today.

If someone somehow gains access to your password vault, they’ve got access to everything, passkeys or not.

In fact, passkeys may offer additional security because, unlike a password, passkeys generally require authentication, usually biometrics or a PIN, at the time they’re used. If the thief can’t supply your face, fingerprint, or PIN, the passkeys remain secure.

But the security hygiene you’re already following to secure your password vault secures your passkeys as well.

Personally, I feel 1Password itself and my setup are sufficiently secure. I’m not concerned about this specific threat should my laptop ever be stolen.

Do this

Besides trusting 1Password’s security and my security habits, another reason I feel so comfortable using 1Password to save my passkeys and my passwords is convenience.

Setting up a passkey for each device can feel like a burden, particularly if you have multiple devices.³ Passkeys are more secure than passwords, and the ability to set them up once and have them work everywhere else my password manager works makes passkeys significantly more usable.

I just don’t see a downside.

If you use a password manager (and I hope you do), and that password manager offers to be your repository for passkeys, I suggest you let it.


Footnotes & References

1: Not necessarily using a password, but more often responding to an SMS message or emailed link.

2: This applies equally to the hard disk being stolen from the machine. The database is strongly encrypted and realistically uncrackable given today’s resources.

3: Unsurprisingly, I have multiple devices.
