The passkeys are the computer's PIN. Only that computer can access the data on that computer.
"Wave’s virtual smart card solution addresses two-factor authentication requirements, where the
notebook or PC becomes the token (analogous to a conventional physical smart card or PKI token). The
user needs to know the PIN and must have physical possession of the notebook or PC, and as a result
provides device authentication as well as user authentication. Wave virtual smart card supports device
authentication by using the secure TPM credentials to validate that the machine trying to access network
resources is known, trusted, and has permission to access that resource. This allows enterprise IT to
unequivocally state that the PC connecting to the network using Wave virtual smart card is indeed an
enterprise-issued device and not a copy or hacker."
I think MSFT has started using the TPM, too.
News 
Market Data 
Discover 
