Passkey
A passkey is a modern, secure way to log in to websites and apps without using a traditional password. It’s based on public-key cryptography, and it’s designed to be phishing-resistant, easy to use, and synced across your devices.
How It Works (Simplified)
Passkeys replace passwords with a cryptographic key pair:
- Public key: Stored by the website or service.
- Private key: Stored securely on your device (e.g., phone, laptop) and never shared.
What happens during login:
- You visit a site that supports passkeys.
- Your device authenticates you—usually via biometrics (Face ID, fingerprint) or a PIN.
- Your device uses the private key to sign a challenge from the site.
- The site verifies the signature using your public key and logs you in.
Benefits of Passkeys
- No password to remember or type
- Phishing-proof: You can’t be tricked into entering a passkey on a fake site
- Resistant to data breaches: Even if a site is hacked, your private key isn’t exposed
- Cross-device sync: On platforms like Apple, Google, and Microsoft, passkeys sync securely across your devices