Passwordless authentication, championed as the ultimate defense against account takeovers, faces new uncertainties due to the hidden architecture of Google Authenticator’s passkey system. Researchers have uncovered a complex cloud-based component that silently handles sensitive cryptographic operations, potentially opening attack vectors not previously recognized in widely deployed passwordless solutions.
This revelation challenges the conventional understanding of passkeys, which are typically envisioned as self-contained cryptographic keys secured by a user’s physical device. Instead, Google’s implementation, when integrated with Google Password Manager (GPM), relies on a remote service operating at enclave.ua5v[.]com. This domain acts as a sophisticated cloud authenticator, responsible for key generation, authentication request processing, and the crucial synchronization of credentials across a user’s various enrolled devices.
As of early 2026, the significant role of this cloud domain in powering global passkey logins remained largely undocumented in public materials. The discovery was made by Unit 42 researchers who adopted an adversarial perspective during a comprehensive security review of Google’s passkey infrastructure. Their focus shifted from the theoretical underpinnings of the FIDO protocol to the practical realities of where passkeys reside, how they travel between devices, and which components handle the most sensitive key material.
This exploration exposed a broader attack surface than traditionally acknowledged by existing FIDO and W3C technical documentation, highlighting potential vulnerabilities in the implementation of passwordless login.
Inside the Cloud Authenticator’s Authentication Flow
The architecture employs a background device onboarding process that must complete before passkeys can be used. During this phase, Chrome generates two hardware-backed key pairs utilizing the device’s Trusted Platform Module (TPM). These are an identity key and a user verification key, which are subsequently registered with the cloud authenticator at enclave.ua5v[.]com.
The cloud authenticator then stores these public keys. It subsequently assigns a device-specific wrapping key and issues a member key pair. This action formally establishes the device as a trusted participant within the user’s designated security domain. The entire configuration resulting from this onboarding procedure is locally preserved in a file named passkey_enclave_state, which is situated within the Chrome profile directory.
This setup results in a hybrid authentication model. Crucially, the private passkey keys are not stored in a directly usable form on the device. Instead, they are encrypted using a Security Domain Secret (SDS) managed by the cloud authenticator. Each login attempt necessitates Chrome transmitting the wrapped SDS back to this cloud service. There, the SDS is decrypted, and the passkey private key is utilized to sign the authentication response on behalf of the device.
Consequently, this design places a significant degree of trust in the cloud component. This raises critical questions regarding the security implications should this cloud-side logic become a target for malicious actors. The communication channel between Chrome and the cloud authenticator is secured using the Noise Protocol Framework, specifically employing the Noise_NK_P256_AESGCM_SHA256 handshake variant.
Chrome initiates a WebSocket connection to wss://enclave.ua5v[.]com/enclave. Following this, it executes a Diffie-Hellman key exchange to establish a shared session key. Thereafter, every subsequent request is signed using a TPM-backed device key.
During a passkey login procedure, Chrome transmits the command passkeys/assert along with the device identifier and the wrapped SDS. The cloud authenticator proceeds to unwrap the SDS, decrypt the corresponding passkey private key, and then constructs the authentication response. This response is then signed before being sent back to Chrome.
The browser ultimately forwards this validated response to the relying party, which verifies the signature and successfully completes the user’s login process. This intricate design ensures that sensitive key material remains off the user’s device. However, it also concentrates cryptographic authority within a remote cloud enclave.
Organizations and individuals who currently rely on cloud-synced passkeys through GPM are advised to exercise increased vigilance. They should closely monitor their Google accounts for any signs of unexpected device enrollments and regularly audit authentication logs for unusual access patterns. For accounts handling privileged or highly sensitive information, consideration should be given to employing FIDO2-compliant hardware security keys as a more robust alternative to cloud-synced passkeys.