Passkeys
❓ What Are Passkeys?
Passkeys are a FIDO2-based replacement for passwords — cryptographic credentials tied to a specific website or app, stored on the user's device (iPhone, Android, laptop), and authenticated using the device's biometric or PIN.
⚙️ How Does It Work?
When a passkey is created, the device generates a public-private key pair. The public key is stored on the server; the private key never leaves the device. At login, the user unlocks the private key with the device biometric (Touch ID, Face ID), and the device uses it to sign a challenge.
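A simplified model of the registration and login flow described above, added here as an example and not code from the original page. It uses Node.js's built-in `crypto` module and omits the real WebAuthn message encoding and the biometric prompt; the `Device`, `Server`, `signedData` and `demo` names and the `example.test` domains are assumptions made for illustration.

```javascript
// Simplified passkey model (illustrative; not the real WebAuthn wire format).
const crypto = require("crypto");
// The signature covers the site identity (rpId) as well as the challenge.
function signedData(rpId, challenge) {
  return Buffer.concat([crypto.createHash("sha256").update(rpId).digest(), challenge]);
}

// Device side: one key pair per site; private keys never leave this object.
class Device {
  constructor() { this.keys = new Map(); }
  createPasskey(rpId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    this.keys.set(rpId, privateKey);
    return publicKey; // only the public key is handed to the server
  }
  // Called after the user passes the biometric or PIN check (not modelled).
  sign(rpId, challenge) {
    const key = this.keys.get(rpId);
    if (!key) return null; // no passkey for this site, e.g. a look-alike domain
    return crypto.sign("sha256", signedData(rpId, challenge), key);
  }
}

// Server side: stores the public key and issues single-use random challenges.
class Server {
  constructor(rpId) { this.rpId = rpId; this.publicKey = null; this.pending = new Set(); }
  register(publicKey) { this.publicKey = publicKey; }
  newChallenge() {
    const c = crypto.randomBytes(32);
    this.pending.add(c.toString("hex"));
    return c;
  }
  verify(challenge, signature) {
    // delete() returns false for an unknown or already-used challenge (replay).
    if (!signature || !this.pending.delete(challenge.toString("hex"))) return false;
    return crypto.verify("sha256", signedData(this.rpId, challenge), this.publicKey, signature);
  }
}

function demo() {
  const device = new Device(), server = new Server("example.test");
  server.register(device.createPasskey("example.test"));
  const c1 = server.newChallenge();
  const sig = device.sign("example.test", c1);
  const ok = server.verify(c1, sig);     // fresh challenge, valid signature
  const replay = server.verify(c1, sig); // same challenge presented again
  const wrongSite = device.sign("examp1e.test", server.newChallenge());
  return { ok, replay, wrongSite };
}
```

`demo()` shows three outcomes: a normal login succeeds, a replayed response is rejected because the challenge is single-use, and the device produces no signature for a domain it holds no passkey for.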
📍 Where Is It Used?
Consumer apps and websites (Apple, Google, Microsoft, and PayPal all support passkeys) and enterprise IAM platforms deploying FIDO2 passwordless authentication.