Passkey

Passkeys are an authentication technology that logs a user into a website without using a username and password. Instead, passkeys log a person in using their already-authenticated personal device and a pair of cryptographic keys. Since passkeys use the same fingerprint, facial scan, or PIN the user unlocks their device with, they make logging into a website faster, easier, and more secure.

When someone first creates a passkey for an account, their device generates two cryptographic keys — one private key stored on their device, and one public key stored on the server of the website or service for the account. When they attempt to sign in, the server and the user's device do not exchange keys; instead, the server sends a mathematical challenge to the user's device, which solves it by combining an algorithm and the private key. The device sends that solution back to the server, which validates it using the public key. Neither the server nor the user's device ever possesses both keys.

The technology behind passkeys is the same technology that enables the use of hardware authentication tokens in multi-factor authentication services. Instead of using a separate hardware authentication token, the user can simply use their existing device and the unlocking method they have set.

By removing usernames and passwords from the process, passkeys can prevent several types of security problems. First and foremost, there are no usernames and passwords to steal — no weak passwords to guess, and no credentials vulnerable to a phishing scam. If a website's server is compromised, it only knows the public key. If a user's device is stolen, a passkey login still requires a biometric scan or PIN entry before granting access.

NOTE: Using a passkey to log in to a website or service requires the support of the device's operating system and web browser. The passkey standard is a collaboration between Apple, Google, Microsoft, the FIDO alliance, and the WWW Consortium. This group is working together to include support for passkeys in their software and hardware devices.

Updated November 23, 2022 by Brian P.

quizTest Your Knowledge

Which part of an email message might include a virus or other malware?

A
Header
0%
B
Attachment
0%
C
CC field
0%
D
Message body
0%
Correct! Incorrect!     View the Attachment definition.
More Quizzes →

The Tech Terms Computer Dictionary

The definition of Passkey on this page is an original definition written by the TechTerms.com team. If you would like to reference this page or cite this definition, please use the green citation links above.

The goal of TechTerms.com is to explain computer terminology in a way that is easy to understand. We strive for simplicity and accuracy with every definition we publish. If you have feedback about this definition or would like to suggest a new technical term, please contact us.

Sign up for the free TechTerms Newsletter

How often would you like to receive an email?

You can unsubscribe or change your frequency setting at any time using the links available in each email.

Questions? Please contact us.