A passkey is a synced, discoverable WebAuthn credential. While many implementations protect the private keys with additional security measures like secure enclaves or TPMs, it's not required. If you want to use an implementation that doesn't use those types of lock-ins, even when they're there to protect your credentials, you can. Multiple software-only implementations exist.
eikenberry|1 year ago