What Are Passkeys? A User-Friendly Authentication Weapon in the Battle Against Phishing


As technology evolves, so does the need for more secure and user-friendly authentication methods. Passkeys, based on industry standards for account authentication, offer a simple and secure way to sign in to apps and websites across platforms without the need for passwords.

We’ll explore what passkeys are, how they work, and why they’re an excellent alternative to traditional passwords.

Streamlined Sign-In Experience

Passkeys provide a quick and easy one-step account creation and sign-in process using Face ID or Touch ID. There’s no need to create or manage passwords, making the sign-in experience hassle-free. Because passkeys sync through iCloud Keychain, they’re available across all Apple devices, and you can even use your iPhone to sign in to apps and websites on non-Apple devices.

Next-Generation Account Security

Passkeys are based on FIDO Alliance and W3C standards, replacing passwords with cryptographic key pairs that significantly enhance security:

– Strong Credentials: Passkeys are inherently strong; they are never guessable, reused, or weak.

– Safe from Server Leaks: Servers only store public keys, making them less attractive targets for hackers.

– Safe from Phishing: Passkeys are intrinsically linked to the app or website they were created for, preventing users from being tricked into signing in to fraudulent apps or websites.

Furthermore, passkeys stored in iCloud Keychain are end-to-end encrypted, ensuring a strong, private relationship between users and your app or website.
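
The phishing and server-leak protections listed above rest on a few server-side checks made on every sign-in response. The following Node.js code is an added example, not taken from the original article or from any vendor's implementation; it verifies a WebAuthn sign-in assertion using only a stored public key. Assumptions: `shop.example`, `shop-example.test` and the `makeAssertion` helper are constructed stand-ins for a real site, a lookalike site, and the browser plus authenticator.

```javascript
// Added example: relying-party checks on a passkey (WebAuthn) sign-in assertion.
const crypto = require('node:crypto');

const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Server side: only the public key registered for the account is stored.
function verifyAssertion(a, publicKey, expected) {
  const client = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'wrong type';
  if (client.challenge !== expected.challenge) return 'challenge mismatch';
  if (client.origin !== expected.origin) return 'origin mismatch';
  // authenticatorData: 32-byte SHA-256 of the RP ID, 1 flags byte, 4-byte counter.
  if (a.authenticatorData.length < 37) return 'authenticatorData too short';
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(expected.rpId))) return 'rpIdHash mismatch';
  if ((a.authenticatorData[32] & 0x01) === 0) return 'user not present';
  // The signature covers authenticatorData || SHA-256(clientDataJSON).
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad signature';
}

// Constructed stand-in for the browser plus authenticator; it only produces sample input.
function makeAssertion(privateKey, rpId, origin, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
  const flagsAndCounter = Buffer.from([0x05, 0, 0, 0, 1]); // UP | UV flags, signCount = 1
  const authenticatorData = Buffer.concat([sha256(rpId), flagsAndCounter]);
  const signature = crypto.sign('sha256', Buffer.concat([authenticatorData, sha256(clientDataJSON)]), privateKey);
  return { clientDataJSON, authenticatorData, signature };
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const challenge = crypto.randomBytes(32).toString('base64url'); // fresh per sign-in
  const expected = { challenge, origin: 'https://shop.example', rpId: 'shop.example' };
  const genuine = makeAssertion(privateKey, 'shop.example', 'https://shop.example', challenge);
  // Same key and challenge, but clientDataJSON records a different origin (constructed).
  const lookalike = makeAssertion(privateKey, 'shop.example', 'https://shop-example.test', challenge);
  // Signed over a challenge the server did not issue for this sign-in.
  const stale = makeAssertion(privateKey, 'shop.example', 'https://shop.example', 'stale-challenge');
  // Signed with a key that does not match the stored public key.
  const otherKey = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' }).privateKey;
  const forged = makeAssertion(otherKey, 'shop.example', 'https://shop.example', challenge);
  return [genuine, lookalike, stale, forged].map((a) => verifyAssertion(a, publicKey, expected));
}

console.log(demo()); // one verdict per constructed assertion
```

A production relying party would also track the signature counter and would normally delegate these checks to a maintained WebAuthn library.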

Seamless Integration with Passwords

Signing in with passkeys uses AutoFill and Face ID or Touch ID for biometric verification, which makes the transition to passkeys seamless. Passkeys work alongside passwords, and the sign-in page needs no adjustments based on credential type. The new Authentication Services API enables developers to add passkeys and create familiar sign-in flows for users.

A User-Friendly Solution for Enhanced Security

Passkeys have emerged as a powerful tool in the fight against phishing attacks, offering a user-friendly authentication method that prioritizes security. By replacing traditional passwords with cryptographic key pairs, passkeys provide a secure and simplified sign-in experience that keeps users’ information safe from potential threats.

In addition to being easy to use, passkeys are intrinsically linked to the app or website they were created for, which means users cannot be tricked into signing in to fraudulent apps or websites. This unique feature makes passkeys an effective defense against phishing attacks, ensuring a safer online experience for users across various platforms.

Services Supporting Passkeys

A growing number of popular services are embracing the use of passkeys for secure and user-friendly authentication. Here’s a list of some notable services that currently support passkeys:

– Google
– PayPal
– Cloudflare
– Shopify
– Kayak
– Yahoo! Japan
– NTT DOCOMO
– CVS Health
– Hyatt
– Instacart
– Robinhood
– Mercari

As more services adopt passkeys, users can enjoy a seamless and secure sign-in experience across various platforms without the need for traditional passwords.