Brave is managing my passkeys even though it's set NOT to

Description of the issue:

  • brave://password-manager/settings shows Use passkeys across your Apple devices turned on
  • Therefore passkeys should be created in my Keychain
  • But instead, passkeys are being created in brave://settings/passkeys

How can this issue be reproduced?

  1. Follow info above

Expected result:
Brave won’t manage my passkeys

Brave Version (check About Brave):
v1.59.117

Additional Information:

@100WattWalrus I’m not on Mac and not knowledgeable of things on Mac, but I am going to ask. Are you not seeing it appear in your Mac keychain, or are you just concerned because you’re seeing it listed under Brave settings?

My casual thought, as someone not familiar with it, is that perhaps it’s being saved in both locations or Brave is pulling your information from Keychain.

An example of this is when I went to brave://settings/passkeys as you put, what showed up for me was below:

So what it was saying is that it’s saved to Windows Hello and not actually saved by Brave.

Anything saved by Brave would be in your password manager: brave://password-manager/passwords

And your settings for Password Manager would be by clicking on Settings to the left, or you can navigate there at brave://password-manager/settings which then lets you tailor things like using Keychain to fill in passwords. On Windows, it mentions Windows Hello:

Thanks, @Saoiray, but no, the passkeys are not getting saved to the Keychain. They’re getting saved only to brave://settings/passkeys, which is what’s supposed to happen when this toggle is OFF, but it’s happening regardless of the position of the Use passkeys across your Apple devices turned on toggle.

I’m going to tag in @Mattches and @steeven on this in hopes they might know more and be able to figure out if what you’re sharing is a bug, intended, or what needs done. Also if perhaps there’s an extra setting that might need adjusted for it to work as you want.

I think there is a bit of confusion here.

Passwords and passkeys are two separate things entirely:

Passwords are what you are likely used to — some form data you save with a username, password, site, etc., and that is saved to your profile. When browsing, these saved data need to be filled in via autofill or Brave autofilling for you.

Passkeys are used as a “transaction” between the site and the user. You essentially request to login via passkey and when done, you’ll see a separate authentication prompt made by the OS or browser to complete the request for a passkey. You can read this article here for more information about passkeys:

Hi @Mattches. No confusion here. I work for a password manager developer. 🙂

What I’m seeing appears to be a bug in Brave because…

  • It’s happening in only one profile
  • Quit/relaunch sometimes fixes it
  • Problem does eventually come back

The upshot is this:

  • In brave://password-manager/settings, the setting Use passkeys across your Apple devices doesn’t appear to actually do anything
  • On or off, passkeys are getting saved to Brave, not to the Apple Keychain

It could be related to a password-manager extension but I don’t think so because I was having the problem both with that extension installed and on, and with the extension off and/or uninstalled. But I wasn’t running A/B tests, so I can’t be sure.

At the moment, I’m unable to recreate, but if it happens again, I’ll reply with steps to reproduce (if I can), screenshots, and logs, if you tell me what you’d like me to send.

Which website are you using this with? I’m wondering if some of the parameters of the request might be causing it to fall back to using the browser rather than the keychain in certain circumstances.

I’ll check with others internally on this, but I’m pretty sure that we’re just doing the same thing as what Chromium is doing here without modification. So if you are able to reproduce, can you also check if it’s reproducing in Chrome? It may be a Chromium bug in that case.

@100WattWalrus is correct. I get the same behavior. I am trying to set up a passkey for my Google account.

I verified that

"Use passkeys across your Apple devices

When on, passkeys are created in iCloud Keychain and are available across your Apple devices. When off, passkeys are created in your Brave profile on this device."

is selected ON.

However I get a prompt that says “To save a passkey you need to enable iCloud Keychain. You can enable iCloud Keychain in the Apple ID pane of System setting”.

When I checked my system setting “Apps using Keychain”. “Passwords & Keychain” are ON.

However, @kdenhartog said, Brave isn’t doing anything different than Chromium. So I tried on Chrome and got the exact same prompts and error. Chrome also doesn’t think I have the iCloud Keychain on, when in fact I do. Seems that is where the problem lies.

I’m using macOS 14.0 (Sonoma).

Take a look at https://www.imperialviolet.org/2023/10/18/icloudkeychain.html if you want more insights into how this functionality currently works. This is a blog written by one of the Chrome engineers who helped to author the spec and implement passkeys in Chrome.
