What are passkeys & why are they better than passwords?

Passkeys are a passwordless replacement for passwords and the future of security. They are easier to use than passwords and are far more secure.

Written by Oscar de la Hera Gomez
First published on 07/26/2022 at 10:24
Last Updated on 08/09/2022 at 16:16

Passkeys, also known as Public Key Credentials, are a passwordless replacement for passwords and the future of security. They are easier to use than passwords and are far more secure. They use Public Key Cryptography & Web Authentication (WebAuthn) to allow users to register (create) and authenticate accounts without a password.

We would like to thank Nick Steele for his time in helping us understand passkeys.


On June 6th 2022, Apple announced their transition to passkeys - a passwordless replacement for passwords - which they claimed to be a next generation authentication technology.

Apple worked closely with the FIDO alliance to make sure passkey implementations are cross platform and work on as many devices as possible.


Passkeys, also known as Public Key Credentials, are a World Wide Web Consortium (W3C) Standard for Web Authentication, which W3C defines as an API enabling the creation and use of strong, attested, scoped, public key-based credentials by web applications, for the purpose of strongly authenticating users.

Why is this beneficial?


Passkeys don't need a password

81% of all hacking related breaches leverage stolen or weak passwords.

Passkeys work like passwords, without requiring a password. These passwordless account logins are created and validated by an encrypted process on your devices (mobile phone, tablet, laptop or desktop).

This removes the possibility of creating a weak password, and the part that is required for verification - also known as the private key - is not valuable to hackers. This makes passkeys significantly more secure than passwords.


Passkeys are domain specific

Phishing is involved in over 30% of breaches

Passkeys carry an added layer of security: a user can only access a passkey on the domain it was created for.

In other words, a passkey created on Citibank.com cannot be accessed or used on a domain that attempts to look like Citibank.com but is, in fact, not Citibank.com.

This last process removes phishing from the equation - once again making passkeys significantly more secure than passwords.
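
The password-free login and the domain binding described above, shown as the server-side checks a website runs on a WebAuthn login. This is an added example, not code from the original post or from any passkey library; the domains bank.example and bank-login.example, the function names and the stand-in authenticator are assumptions made for illustration.

```javascript
const { createHash, generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

const sha256 = (data) => createHash('sha256').update(data).digest();

// Stand-in for the browser + authenticator (constructed for this example).
// The browser, not the page, writes the origin into clientDataJSON; the
// authenticator signs authenticatorData || SHA-256(clientDataJSON) with the
// private key, which never leaves the device.
function makeAssertion(privateKey, { rpId, origin, challenge }) {
  const clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
  // authenticatorData layout: rpIdHash (32 bytes) | flags (1) | signCount (4)
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([0x05]), Buffer.alloc(4)]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: sign('sha256', signed, privateKey) };
}

// Server-side checks. The server stores only the public key from registration.
function verifyAssertion(assertion, publicKey, expected) {
  const clientData = JSON.parse(assertion.clientDataJSON.toString('utf8'));
  if (clientData.type !== 'webauthn.get') return 'wrong type';
  if (clientData.challenge !== expected.challenge) return 'challenge mismatch';
  if (clientData.origin !== expected.origin) return 'origin mismatch';
  const rpIdHash = assertion.authenticatorData.subarray(0, 32);
  if (!rpIdHash.equals(sha256(expected.rpId))) return 'rpId mismatch';
  if ((assertion.authenticatorData[32] & 0x01) === 0) return 'user not present';
  const signed = Buffer.concat([assertion.authenticatorData, sha256(assertion.clientDataJSON)]);
  return verify('sha256', signed, publicKey, assertion.signature) ? 'ok' : 'bad signature';
}

function demo() {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'prime256v1' }); // P-256
  const expected = {
    rpId: 'bank.example', // placeholder domains, not from the article
    origin: 'https://bank.example',
    challenge: randomBytes(32).toString('base64url'),
  };
  const lookAlike = { ...expected, rpId: 'bank-login.example', origin: 'https://bank-login.example' };
  return {
    genuine: verifyAssertion(makeAssertion(privateKey, expected), publicKey, expected),
    lookAlike: verifyAssertion(makeAssertion(privateKey, lookAlike), publicKey, expected),
  };
}

console.log(demo());
```

The fresh random challenge per login is what stops a captured response from being replayed later, which is why the server compares it before anything else.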

How do passkeys work?

Passkeys are complex to understand and require talking to an expert (like Nick Steele) to get a holistic understanding as to how they are created, verified and where things should be executed. We hope the posts offered in the links below help clarify those questions.

How to register passkeys | How to authenticate passkeys | How to create & login with a passkey in React & Typescript
