What is a Passkey and How does it Work?

Article author
Betty Fleming
  • Updated

What is a Passkey?

You may be asking yourself, "What is a 'Passkey' and why do I keep hearing about it in conjunction with strong account security? 

While it sounds similar to a password and a security key, it's something totally different .

Passkeys are a new type of login credential that removes the need for passwords. Passkeys were developed through industry collaboration to move away from the use of passwords, and increase account security, to prevent common attacks users face, like phishing.

Passkeys are the highest form of account security currently available.

Passkeys work in concert with the devices you use. They are activated after you use a PIN, or biometric authentication, like your face or fingerprint, to access a phone or computer.

You're likely familiar with this way of authentication, as iPhones and Android devices (as well as more recent Windows PCs and Macs) currently use some form of biometric authentication to unlock your smartphone or laptop. 

Passkeys can't be hacked, phished, or forgotten. Each key is unique and created with encrypted data for added security, and was done so with the Web Authentication API security standard.

Attackers would need your phone in their hand even if they had your PIN- it's like knowing your debit card ATM pin without having the card. With passwords, knowledge of that info is enough to get you into an account. With passkeys, you need knowledge AND physical possession.

How Does Passkey Work? 

Like security keys, passkey can be set up (when available) in your account's security settings. It's quick and simple- you'd log into your account, and have the device scan your face or fingertip to create the passkey, for future use. Below, DDC has linked a few of our own articles explaining how to set up passkey authentication for Apple, Microsoft, and Google. 

Users aren't restricted to using the passkeys only on the device where they're available—passkeys available on phones can be used when logging into a computer, even if the passkey isn't synchronized to the computer, as long as the phone is nearby and the user approves the sign-in on the phone.

Say, for example, I have facial recognition passkey set up for my Google account on my iPhone. Then, I want to use my old, musty laptop to log in to my Google account - but my computer doesn't enable biometrics. As long as I have my phone nearby, I'll be able to use my Google passkey (my face) on my phone to verify login to my Google account on my computer. 

Passkeys started being deployed in mid-2023, You can expect to see more and more web services adopt passkeys as time goes on. since  they are built on FIDO standards, all browsers can adopt them.

We know you still may have some questions, so we're here to provide you with some further information. Check back for the following articles, which will be released soon:

Passkey FAQ

Passwords vs. Security Keys v.s Passkeys

Passkey for Apple

Passkey for Google

Passkey for Microsoft




Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request



Please sign in to leave a comment.