Storing WebAuthn Credentials in Password Managers

Edit online

Many modern devices ship with dedicated hardware chips known as trusted execution environments (TEEs). TEEs generate and sign cryptographic secrets. By default, when available, WebAuthn uses these resources to create passkeys and signatures, providing the most secure method for storing sensitive cryptographic material. Not all consumer devices include this specialized hardware. Moreover, although WebAuthn is projected to reach more than 96 percent coverage across consumer devices, some operating systems—such as certain Linux distributions, including Ubuntu—do not fully support passkey storage. In these cases, password managers such as 1Password, Bitwarden, or Dashlane are recommended. On unsupported devices, instruct users to download and install the official Chrome Web Store extensions. The extensions allow users to securely store and manage passkeys, as shown below.

1Password extension

  1. Set up an account and log in.
  2. Ensure passkeys are enabled in the extension.
  3. Open the menu dropdown and select Settings.
  4. Select Auto-fill and confirm that Offer to save and sign in with passkeys is enabled.

Bitwarden extension

  1. Set up an account and log in.
  2. Ensure passkeys are enabled in the extension.
  3. Open the Settings menu and select Options.
  4. Confirm that Ask to save and use passkeys is enabled.