Everything You Need to Know About Passkeys and Password Managers
It seems so many of you have questions about passkeys, how they work, and why they’re so important. And, like any new technology, it can be scary, but unlike AI, passkeys have no downside. If everyone used passkeys instead of passwords, there would be no more phishing or theft by deception because a hacker can’t steal a passkey.
Occasionally, we receive a question that inspires a valuable tip or article, and the other day, we received one from Maria that we think will help you understand passkeys better and how password managers support them. We currently recommend three password managers: Bitwarden, LastPass, and RoboForm. Maria asked about Dashlane (a password manager), but this article applies to Bitwarden, LastPass, and RoboForm as well. Dashlane, RoboForm, LastPass, and Bitwarden can store passkeys and work seamlessly on Windows as well as all major Android and Apple devices, such as Android phones and tablets, iPhones, iPads, and Macs. Any of the aforementioned managers makes an excellent choice for syncing your data between any of the Windows, Apple, and Android devices you use. And they make cross-platform syncing of your passkeys easy and keep them available regardless of the device you are using when you log in.
These password managers all share the same core strength in their cross-platform compatibility, making it easy to access your passwords and passkeys wherever you are and with whatever device you happen to be using at the time.
Today, we’re going to share Maria’s question and our answer with you – because we believe it will help unravel some of the mysteries and eliminate some of the misunderstandings about passkeys. Passkeys are the future, but sadly, not all sites offer them yet. But there will come a day soon when all major sites that require log-ins will offer passkeys. And we think you’d be wise to choose passkeys wherever and whenever they’re available.
Maria’s question:
Good morning, I have questions about passkeys. I understand that passkeys are stored on my individual device and match up with the site I am logging into. Does that mean that our two computers and two iPhones will each have their own passkey? So, if I log in to a site on my computer and set up a passkey, will I then have to log in to the same site on my iPhone and create another passkey? If so, will Dashlane Premium store all four passkeys? I can’t envision signing in on any other devices, but if we wanted to, how would that work? Still nervous about using passkeys, I guess.
Our answer:
Hi Maria,
What a fantastic question, and I’m sure it is one that many people have. Passkeys are designed to be much more user-friendly across multiple devices, especially when you use a modern password manager. Here is how it works in simple terms, followed by the answer to your specific question about Dashlane and your devices.
How Password Managers Like Bitwarden, Dashlane, LastPass, RoboForm, etc. Handle Passkeys
Think of a passkey as two halves of a secure digital key:
The Public Half: This is given to and stored by the website (like Gmail or Amazon). It’s public, so if it gets stolen, it’s useless to a hacker.
The Private Half: This is the secret part that only you have. It is stored inside a secure “vault” on your device or in your password manager.
When you use a third-party password manager like the ones we’ve mentioned that supports passkeys, it essentially takes over the job of being the “secure vault” for the private half of the key. Instead of the private key being stored only in your phone’s hardware (which would keep it locked to just that phone), your Windows PC, or your Android device, the password manager encrypts the private key and stores it within your encrypted password vault in the password manager. Because the private key is now part of your password manager’s vault, the password manager can securely sync it—along with all your regular passwords—to all your other devices where you have the manager installed and you are logged in.
When you go to log in on your laptop, the password manager sees the website is asking for a passkey, pulls the correct private key from its synchronized vault, and verifies it by asking you with your biometric ID (fingerprint, Face ID) or your PIN. The PIN normally would be the PIN you use to log into your device (phone, tablet, or computer).
A password manager turns a “device-bound” passkey into a “synced” passkey, solving the problem of having to create a new one on every device.
Now, let’s talk about your question, as you specifically asked about Dashlane…
Dashlane, other Passkey-capable password managers, and Multiple Devices
You are right to be nervous about the old way! If you only used the built-in storage on your phone (like Apple’s iCloud Keychain or Google Password Manager), your initial concern about having to create a separate passkey on every single device would be largely true.
However, using a cross-platform manager like Dashlane Premium or the others we mentioned completely changes this experience:
Will you have to create a new passkey on each device?
No, because you are using Dashlane Premium (or another passkey-capable password manager). When you set up the passkey for a site on your computer (or one of your iPhones), the private key is automatically saved to your Dashlane (password manager) vault.
Dashlane then securely syncs that single passkey across the internet to your other computer, other iPhone, and your other devices, as long as they are all logged into the same Dashlane account.
The next time you visit the site on a different device, Dashlane will automatically offer that synced passkey for login.
How does Dashlane store all four passkeys? It doesn’t. It will only store ONE passkey for that site, and you can use it on any of your four devices. Passkeys are designed to replace your username and password pair. For a single account on a single website, you only need one passkey (one private key/public key pair).
Dashlane Premium and most other passkey-capable password managers offer unlimited storage for both passwords and passkeys across an unlimited number of devices, so you have plenty of room for all your accounts.
What happens if you change devices or buy a new device? Nothing. It would be seamless. If you bought a new Android tablet, for example, you would download the Dashlane app/extension and log into your Dashlane account. The tablet would sync all your passwords and passkeys from the cloud.
When you go to log in to the site, Dashlane (and other passkey-capable password managers) would offer to use the existing passkey, and you would approve the login with your face, fingerprint, or PIN on the tablet.
We are all a bit nervous about new technology, but in this case, using a third-party password manager eliminates the major inconvenience of multiple passkeys you were worried about.
I hope this answers your questions, Maria.
This article applies to everyone who is using RoboForm, LastPass, Bitwarden, Dashlane, or other passkey-capable password managers.
And to all of you reading this, we hope this helps clear up some questions you may have had about passkeys and how password managers can make managing and synchronizing passkeys across multiple devices easier.
And remember, passkeys are just now coming of age; most major sites offer passkeys as an option, but some do not offer them yet. There is no question that passkeys are the future, and the more we understand why they are the future and how using passkeys is in our best interest, the safer we all will be. Phishing and online theft will be eliminated or drastically reduced, and it will be impossible for a hacker to trick you into accidentally revealing your passkeys.
As ever, this is a fabulous article which sets out to explain the issues of passkeys, password managers vs, passwords/user names and achieves exactly that. Thank you for the clarity.
Is it about time then to change the generic name for RoboForm, LastPass, Bitwarden, Dashlane and the others from “PASSWORD managers”, with passwords being ‘old hat’ now, to something more appropriate? “Safe Access Managers” or something more which is more in line with what they actually do than verifying passwords.
Hi TC,
I’m another loyal follower who’s also skittish about making the jump to Passkeys.
I thank you for this article as it does clear up a lot of my questions and concerns.
In a nutshell, the easiest way for me to digest this is to summarize. The main point is choosing a Passkey friendly app which I can set up with just one account and one password.
I then install that app (i.e. Bitwarden free version) on my PCs and iPhones and iPads.
When I go to log into a site that offers Passkeys, I “go that route”.
“Bitwarden” will save the “private key” which I’d access with my PIN (as an example). That will match up with the “public key” that the website stores. That would be how I’d log in with “any” of my devices (Windows PCs or iPhones/ipads).
As long as I have “Bitwarden” installed on all my devices – and use the same account login, I should be able to login regardless of device used.
If I lose or break a device, I get a new one, install “Bitwarden” on it, log in with that same user account, and I’m good to go.
Does that sum it up correctly? Would you say I’ve got correct?
If I’m wrong about any of it, please let me know. If you think I’ve understood the concepts, then I should be able to make the jump to the next level of security without worrying about getting locked out of an account.
I thank you again TC, for this article. It has given me the courage to try it out. I’m finding more and more of my banking and/or medical websites are urging me to make the change.
Until you just explained it the way you did, I was still very hesitant – but I feel much better about it now.
I hope you are continuing to feel better day by day.
Sincerely,
-Marty
Summed up very nicely 🙂