Passkey

Passkeys are phishing-resistant, passwordless authentication credentials using FIDO2/WebAuthn standards.

What is a Passkey?

A passkey is a passwordless authentication credential based on FIDO2/WebAuthn standards. It uses public-key cryptography where the private key never leaves the user's device, making it phishing-resistant and more secure than passwords.

How Passkeys Work

The user's device generates a public-private key pair. The public key is stored with the service, while the private key remains on the device, protected by a biometric or PIN. Authentication proves possession of the private key without revealing it.
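The flow above as an added example (not code from this glossary or from any FIDO2/WebAuthn library): a simplified Node.js model of registration and login, showing why a replayed response, a look-alike origin, or a different key pair all fail. The names `RP_ID`, `RP_ORIGIN` and the message layout are assumptions for illustration; real WebAuthn messages carry more fields.

```javascript
const nodeCrypto = require('node:crypto');

const RP_ID = 'example.com';               // assumed relying-party ID
const RP_ORIGIN = 'https://example.com';   // assumed legitimate origin
const sha256 = (d) => nodeCrypto.createHash('sha256').update(d).digest();

// Registration: the device creates the key pair; only the public key goes to the service.
function register() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { rpId: RP_ID, privateKey }, server: { publicKey, pending: new Set() } };
}

// Service: issue a fresh random challenge for each login attempt.
function issueChallenge(server) {
  const challenge = nodeCrypto.randomBytes(32).toString('base64url');
  server.pending.add(challenge);
  return challenge;
}

// Device: sign the challenge together with the origin the browser reports.
// The private key is used here and is never part of the response.
function authenticate(device, challenge, origin) {
  const clientData = JSON.stringify({ challenge, origin });
  const signed = Buffer.concat([sha256(device.rpId), sha256(clientData)]);
  return { clientData, signature: nodeCrypto.sign('sha256', signed, device.privateKey) };
}

// Service: check challenge freshness, then origin, then the signature
// against the stored public key.
function verify(server, { clientData, signature }) {
  const { challenge, origin } = JSON.parse(clientData);
  if (!server.pending.delete(challenge)) return 'unknown-or-replayed-challenge';
  if (origin !== RP_ORIGIN) return 'wrong-origin';
  const signed = Buffer.concat([sha256(RP_ID), sha256(clientData)]);
  return nodeCrypto.verify('sha256', signed, server.publicKey, signature) ? 'ok' : 'bad-signature';
}

function demo() {
  const { device, server } = register();
  const good = authenticate(device, issueChallenge(server), RP_ORIGIN);
  const first = verify(server, good);
  const replay = verify(server, good);     // same response submitted twice
  // Constructed look-alike origin: the browser reports where the page really is.
  const phished = verify(server, authenticate(device, issueChallenge(server), 'https://examp1e.com'));
  const other = register();                // a different key pair
  const forged = verify(server, authenticate(other.device, issueChallenge(server), RP_ORIGIN));
  return { first, replay, phished, forged };
}

console.log(demo());
```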

Passkey Types

  • Platform Passkeys: Synced via iCloud Keychain, Google Password Manager
  • Security Key Passkeys: Stored on hardware tokens
  • Cross-Device Authentication: Using a phone to authenticate on a computer

Common Misconceptions

  • "Passkeys are just biometrics" - Biometrics only unlock the key
  • "Losing the device loses access" - Sync and recovery options exist
  • "Passkeys are hardware only" - Platform passkeys are software-based