Question How secure is passkeys stored in a windows desktop protected by windows hello login?

[Brahman]

Recently I started to use passkeys in my windows desktop. It's protected by windows hello login. I want to know how secure is passkeys stored in a windows desktop protected by windows hello login?
Can it be stolen by a 3rd party who have hacked to my machine?
Where do windows Store passkeys? Is it in tpm?

 

[RoboMan]

As far as I know, Windows Hello credentials are secured by TPM if available.

Regarding stealing your passkeys, this wouldn't be possible as long as you don't get your pin cracked.

 

[Ink]

Don't rely on a single device storage for passkeys, create additional passkeys on a secure password manager.

For example, Windows OS becomes corrupt and you are forced to clean wipe.

 

[TairikuOkami]

Can it be stolen by a 3rd party who have hacked to my machine?

That is actually one huge advantage of MSA, you can use a simple PIN, but a hacker can not (remotely), he would have to hack your MSA protected by MFA. A local account has zero security.

 

[Brahman]

Don't rely on a single device storage for passkeys, create additional passkeys on a secure password manager.

For example, Windows OS becomes corrupt and you are forced to clean wipe.

I have additional passkeys on bitwarden, 2Fa keys on authy and backup keys for allmost all my accounts.

 

[Wrecker4923]

Don't rely on a single device storage for passkeys, create additional passkeys on a secure password manager.

For example, Windows OS becomes corrupt and you are forced to clean wipe.

Or you can turn this around on its head and basically say, I'll use password+2FA everywhere else except for this main machine that I can use passkeys to conveniently and safely access the accounts. Passkey's private keys stored in password managers can be breached (for example, you get a malware), but the private keys stored in Windows credentials protected by TPM may not (time will tell). It's the classic tradeoff between security vs. accessibility.

 

[EstrellaRhodes]

Passkeys stored on a Windows desktop protected by Windows Hello are pretty secure since Windows Hello uses advanced encryption and the TPM (Trusted Platform Module) to protect your data. The passkeys are indeed stored in the TPM, which makes it difficult for hackers to steal them even if they manage to access your machine. It's always good to stay cautious, keep your system updated and use reasonable security practices.