Passkeys without sync/backdoor with Google

Trying to set up passkeys on Android. Suggests that this will be stored in your Google account. I cannot seem to find a way around this. Has any of you managed this? If so how can this be done?

N.b. this is not the same as using your phone as a security key. Same tech different implementation.

1 Like

i don’t think there is a way around this. The documentation around this seems to be limited.
I guess when they say passkeys will be stored on your device , it means it will be automatically linked to your account and synced to your other devices. A quick search for documentation shows that , passkeys are synced with your google account using google password manger and is supposedly “end to end encrypted”. source - Passkey support on Android and Chrome  |  Authentication  |  Google for Developers .
So far i haven’t used this feature much. But i do have enabled passwordless login for github through my yubikey which is just like a passkey but stored on your separate physical device.
so using yubikey for passwordless login looks much better option , if you don’t want to trust apple/google ecosystem.
But for an average user passkeys should be much better option if the websites are compatible

We agree on all things here.
I just hate that it seems impossible to avoid Google here. It seems like a bad idea and I wonder how Bitwarden and 1password will do their implementation of key syncing in that case.

You mention you stored a passkey on your yubikey for github. But does that allow you to login on android with it?

The implementation with Google also does not work on GrapheneOS btw as it doesnt meet the sts (safetynet).

1 Like

it doesn’t exactly seem to work on android for some reason . but it allows yubikey to be used after entering your login and password and then clicking on passkeys option

Sure that’s the webauthn fido2 as security key MFA. But passkeys implementation doesn’t seem to work that way which is sad and slightly worrying


yeah i kinda hoped that when websites start supporting passkeys , webauthn fido2 would automatically start working on these websites too , which would have been a great feature for power users.