Passkeys come in different "scopes" (device-bound, synced, shared, exported). How do they trade off security against convenience?
Device-bound passkeys are the most secure but least portable; as you move to synced, shared, then exported, convenience rises but so does risk.
The risk pyramid (lowest risk at the top):
| Scope | Context | Convenience | Risk |
|---|---|---|---|
| Device-bound | single user, one device (e.g. hardware key like a YubiKey) | lowest | lowest |
| Synced | single user, across their own devices (via cloud provider) | higher | low–medium |
| Shared | multiple users (passkey provider scope) | higher | medium–high |
| Exported | leaves the ecosystem entirely (external scope) | highest | highest |
The tension: a device-bound passkey can't be phished or copied off the device, but if you lose the device you're locked out. Synced passkeys (the common consumer case) recover gracefully across your phone and laptop, at the cost of trusting the sync provider. Exporting a passkey maximises portability but reintroduces the "secret can leave and be stolen" problem passkeys were meant to solve.
Tip: "Security vs. convenience" is the eternal trade-off. The right scope depends on the threat: a journalist in a hostile region wants device-bound; a casual shopper is fine with synced.