ELI5: How does a TPM work?

Nick Hodges
4 min readDec 12, 2022

We all know that passwords leave a lot to be desired. They are a hassle for everyone. Fortunately, passwordless authentication is coming. Removing passwords from the authentication equation will be a welcome sight for users and software developers.

You may have heard about passkeys, a standards-based solution that leverages biometrics and other technologies to make passwords obsolete. Most of the time, passkeys will leverage some type of biometrics to authenticate you to a given website or mobile application.

You can read all about the standards used for passwordless authentication, how it works, and why it is a superior solution to passwords in other posts here on our blog.

The great part of the whole solution is that secret information never leaves your device. Your biometrics information and passkeys are stored safely and securely on your phone or computer, unable to be accidentally shared or otherwise revealed to bad actors. Even if you lose your phone and a sophisticated hacker or other hostile entity gets a hold of it, they will not be able to pry that information from the bowels of your phone.

How is that possible? Because that secret information is stored in a chip called a Trusted Platform Module (TPM).

What is a TPM?