Device-bound Passkeys May 2026

You’ve probably heard of passkeys: the shiny new "password killer" from Apple, Google, and Microsoft. Most are synced passkeys—they float across your devices via the cloud. Convenient? Yes. But they share a subtle weakness: a sophisticated attacker who compromises your iCloud or Google account could potentially clone those keys from afar.

These keys are forged inside a single piece of hardware—your YubiKey, your Pixel’s secure chip, or your Mac’s Secure Enclave—and they never leave . Not for backup. Not for sync. Not for a friendly "hey, share this with your tablet." device-bound passkeys

Because even if a hacker steals your laptop’s hard drive, breaks into your password manager, or tricks you into clicking a phishing link that looks exactly like your bank… they walk away empty-handed. Without your specific, physical device in their hand, the key simply doesn’t work. You’ve probably heard of passkeys: the shiny new