World Passkey Day: Passwordless Is the Future — But Where Do Your Passkeys Live?

World Passkey Day, led by the FIDO Alliance, aims to bring together the community to raise awareness, share progress, and drive real adoption of passkeys. For businesses and users this means an important shift away from passwords and toward simpler, more secure sign-ins with passkeys.

While this is an important change, supporting passkeys and giving users control over where they’re stored are two very different things.

What passkeys actually are — and why storage matters

A passkey replaces your password with a cryptographic key pair. One key is public. One is private, stored on your device or in your password manager. When you sign in, your device proves it holds the private key without ever transmitting it. This minimizes the risk of phishing and passkeys a more secure alternative to passwords.

The technology is compelling. But here is the question most people forget to ask: when a password manager holds your passkeys, where exactly do they go?

For most password managers, the answer is: on the vendor’s servers. Everyone’s passkeys are stored on one centralized server, a single breach could expose millions of user’s data.

How Enpass stores your passkeys differently

Enpass introduced passkey support in 2023 and today covers the full lifecycle which includes creation, secure storage, and authentication, across Windows, macOS, Linux, iOS, and Android.

Like passwords, your passkeys are stored inside your encrypted Enpass vault. That data never reaches Enpass servers. For business users, it lives inside your Microsoft 365 or Google Workspace, which is infrastructure your organization already owns, trusts, and has configured for compliance. For personal users, it lives in your cloud of choice: iCloud, Google Drive, OneDrive, Dropbox, Box, or Nextcloud.

This is Zero Possession. The industry benchmark is Zero Knowledge, where a vendor holds your encrypted data but cannot read it. Enpass goes further. We never hold it at all. There is nothing on Enpass servers to breach, harvest, or access. Your passkeys are as safe as your passwords: in your environment, under your jurisdiction, secure in the infrastructure you already own.

Where Enpass builds on WebAuthn in practice

Passkey implementation across the industry is governed by the WebAuthn specification, which is the technical standard maintained by the FIDO Alliance. Enpass follows these standards closely and already supports the latest WebAuthn Level 3 capabilities, staying at the very forefront of industry adoption. These capabilities include:

• PRF (Pseudo-Random Function) support
• Client hints
• Related origin requests
• Signals API

As websites adopt newer WebAuthn features, users can rely on Enpass as a fully compliant authenticator without falling back to platform authenticators or other devices.

By end of May 2026, Enpass will be fully compliant with the complete WebAuthn Level 3 standard. Throughout the year, Enpass will continue to evolve alongside the spec, including support for emerging post-quantum cryptographic algorithms.

Later in 2026, Enpass will introduce a native passkey and credential autofill experience on both macOS and Windows, leveraging platform frameworks to deliver a seamless, integrated experience.

The question worth asking this World Passkey Day

With the work of the FIDO Alliance and industry leaders every password manager will eventually support passkeys. The question is not whether your password manager supports them. It is where those passkeys live once you create them.

With Enpass, your data stays in your environment. Not ours. That is Data Sovereignty. That is Password Management Your Way.

This World Passkey Day, ask your password manager where your passkeys live.