
@git

Technically there’s no direct or built-in way to identify the password manager (PM) the user used to create a passkey. So how does this website know which password managers I used?

TL;DR: when a passkey is created successfully, the response has an id that points to 1 unique PM. The passkey world leader has a big list of PMs and their ids. The website uses this list to look up the PM name, icon and other info.

1. Included in the response returned on a passkey registration is an identifier called the Authenticator Attestation Globally Unique Identifier (aka AAGUID). Each PM has its own unique AAGUID. For example, if you create a passkey using 1Password, the RP will receive an AAGUID of bada5566-a7aa-401f-bd96-45619a55120d.

2. FIDO Alliance (a group like W3C but for Auth) maintains a centralized repo of password managers’ official attestation certificates, AAGUIDs, names and icons (among other details). PMs use this metadata service to publish their attestations. RPs look up the PM info using the AAGUID returned from the user's passkey creation.

There’s a community-maintained list of AAGUIDs that people usually use to look up PM info: https://passkeydeveloper.github.io/passkey-authenticator-aaguids/explorer
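The lookup described in the post, as an added example that is not part of the original post: an RP pulls the 16-byte AAGUID out of the registration's authenticator data and maps it to a name. The function names and the sample bytes are constructed for illustration, and the only table entry is the 1Password AAGUID quoted above.

```javascript
// Authenticator data layout (WebAuthn):
// rpIdHash (32) | flags (1) | signCount (4) | AAGUID (16) | credIdLen (2) | credId | COSE key
const AT_FLAG = 0x40; // set when attested credential data (incl. AAGUID) is present

// Hypothetical lookup table; a real RP would load the community list or FIDO metadata.
const KNOWN_AAGUIDS = {
  "bada5566-a7aa-401f-bd96-45619a55120d": "1Password", // value quoted in the post
};

// authData: Uint8Array, e.g. new Uint8Array(credential.response.getAuthenticatorData())
function extractAaguid(authData) {
  if (authData.length < 37) throw new Error("authenticator data too short");
  if ((authData[32] & AT_FLAG) === 0) return null; // no attested credential data
  if (authData.length < 55) throw new Error("attested credential data truncated");
  const hex = Array.from(authData.subarray(37, 53), (b) =>
    b.toString(16).padStart(2, "0")
  ).join("");
  return [hex.slice(0, 8), hex.slice(8, 12), hex.slice(12, 16),
          hex.slice(16, 20), hex.slice(20)].join("-");
}

function identifyProvider(authData) {
  const aaguid = extractAaguid(authData);
  if (aaguid === null) return { aaguid: null, name: null };
  // An all-zero AAGUID means the authenticator did not report one.
  if (/^[0-]+$/.test(aaguid)) return { aaguid, name: null };
  return { aaguid, name: KNOWN_AAGUIDS[aaguid] ?? null };
}

// Constructed sample input: zeroed rpIdHash and signCount, a dummy 16-byte
// credential id, and no COSE key (the parser stops after the AAGUID).
// Default flags 0x45 = user present | user verified | attested data included.
function buildSampleAuthData(aaguidHex, flags = 0x45) {
  const credId = new Uint8Array(16).fill(0xab);
  const out = new Uint8Array(37 + 16 + 2 + credId.length);
  out[32] = flags;
  for (let i = 0; i < 16; i++) {
    out[37 + i] = parseInt(aaguidHex.slice(i * 2, i * 2 + 2), 16);
  }
  new DataView(out.buffer).setUint16(53, credId.length); // big-endian length
  out.set(credId, 55);
  return out;
}

console.log(identifyProvider(buildSampleAuthData("bada5566a7aa401fbd9645619a55120d")));
```

Unless the RP also verifies the attestation statement, the AAGUID is a self-reported value, so it suits display purposes (name and icon) and not access decisions.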