It’s a bit of math, split into two pieces.

You hand out one piece, that’s the public key. It’s tiny and simple.

You keep the other piece, that’s the private key. It’s long and complex.

The public key can scramble data that only the large piece can unscramble.

The private key can create a piece of data that only the public key can verify.

In practice, these keys can be kept in a database or a file, and they can be held in a hardware security key (yubi/fido). They can be stored on your phone, in Bitwarden, and just about anywhere that keeps passwords, they’re really just a few thousand bytes of data.

In many cases, You can store them in your phone’s private password storage, then when you log into a website, it will trigger a popup on your phone to authorize your login, so you don’t even have to keep them on the computer you’re using to access the secured site. Most of the implementations require you to have a biometric component. You need to face scan, fingerprint scan, or, worst case, use a password to unlock/verify the passkey on the device.

The upside here is that the keys are unique to every site. The public key is completely safe to hand out to everyone, it can’t be reverse engineered. This means that websites can’t leak your login credentials in any meaningful way. edit: Also since you’re using math to change a piece of data, it’s impervious to a replay attack and the communication even unencrypted would be reasonably safe even if someone was actively reading it.

As far as storing for loss, I’d consider regenerating them. I prefer using a password manager that stores them, that way my phone/computers all have access to the same keys.

To try and bake down the complex answers, if you are basically familiar with PGP or SSH keys the concept of a Passkey is sort of in the same ballpark. But instead of using the same SSH keypair more than once, Passkeys create a new keypair for every use (website) and possibly every device (e.g. 2 phones using 1 website may create 2 sets of keypars, one on each device) - and additionally embeds the username (making it “one-click login”):

• creating a passkey is the client and server establishing a ring of trust (“challenge”) and then generating a public and private pair of keys (think ssh-keygen ...)
• embedded in the keypair is the user ID/username and credential ID, which sort of maps to the three fields of a SSH keypair (encryption type, key, userid optional in SSH keys) but not really, think concept not details
• when using a passkey, the server sends the client a “challenge”, the client prompts the user to unlock the private key (device PIN, biometric, Bitwarden master password, etc.)
• the “challenge” (think crypto math puzzle) is signed with the private key and returned to the server along with the username and credential ID
• the server, who has stored the public key, looks it up using the username + credential ID, then verifies the signature somewhat like SSH or PGP does
• like SSH or PGP, this means the private key never leaves the device/etc. being used by the client and is used to only sign the crypto math puzzle challenge

The client private key is stored hopefully in a secure part of the phone/laptop (“enclave” or TPM hardware module) which locks it to that device; using a portable password manager instead such as Bitwarden is attractive since the private keys are stored in BW’s data (so can be synced across devices, backed up, etc.)

They use the phrase “replay” a lot to mean that sending the same password to a website is vulnerable to it being intercepted and used n+1 times (hacker); in the keypair model this doesn’t happen because each “challenge” is a unique crypto math puzzle generated dynamically every use, like TOTP/2FA but “better” because there’s no simple hash seed (TOTP/2FA use a constant seed saved by the client but it’s not as robust crypto).

An article I read recently suggested that storing passkeys with Google, Apple, and M$ didn’t have interoperability. Like you need a Mac/iPhone or PC/Android to make it work. Is this true? Can I store a passkey in a platform agnostic way?

Basically dedicated 2FA hardware.

If you lose it, you’re fucked, end of story.

As far as I understand it, passkey is a password replacement and a protocol built on top of FIDO.

The intention is to replace passwords by cryptographic keys (asymmetric encryption). These keys come in pairs always:

• a private key: secret and only ever known to you
• a public key: given to the service you want to authenticate to. This key can also be seen as a lock that can only be open by the matching private key.

The keys are nothing more than text and they can very well be stored in files on a USB drive, copied, transferre, deleted, etc.

But passkey also defines the process to exchange and store the keys in a secure manner. Therefore in practice you will always use a password manager and maybe also some specific hardware, to automatically hand the key exchange and secure storage of all the different keys your have for all of the different services you registered to.

If you’re talking about what Google or Microsoft offer as a login tool, it’s basically a file hidden on your physical PC so when you attempt to login to a service that wants it, the service gets a password from you and the passkey from your actual device to authenticate you.

For example, I have passkey enabled on my windows PC that my Google account has a passkey in. Anytime I access the built in password manager in chrome, Windows now gives me a pop up for a PIN number, and then windows will authenticate on my behalf with the hidden passkey.

If I need to access my password manager from my phone or another computer, I have to use my Google password instead since my passkey isn’t on those physical devices.

I believe Microsoft stores your passkey files on your motherboards TPM module, but I could be wrong.