LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

Passkeys come in different "scopes" (device-bound, synced, shared, exported). How do they trade off security against convenience?

Device-bound passkeys are the most secure but least portable; as you move to synced, shared, then exported, convenience rises but so does risk.

The risk pyramid (lowest risk at the top):

Scope Context Convenience Risk
Device-bound single user, one device (e.g. hardware key like a YubiKey) lowest lowest
Synced single user, across their own devices (via cloud provider) higher low–medium
Shared multiple users (passkey provider scope) higher medium–high
Exported leaves the ecosystem entirely (external scope) highest highest

The tension: a device-bound passkey can't be phished or copied off the device, but if you lose the device you're locked out. Synced passkeys (the common consumer case) recover gracefully across your phone and laptop, at the cost of trusting the sync provider. Exporting a passkey maximises portability but reintroduces the "secret can leave and be stolen" problem passkeys were meant to solve.

Tip: "Security vs. convenience" is the eternal trade-off. The right scope depends on the threat: a journalist in a hostile region wants device-bound; a casual shopper is fine with synced.

From Quiz: ISF / Integrity & Content Authenticity (C2PA) | Updated: Jul 14, 2026