Passkeys are a way to log in without a password.
Typically, a passkey is something you have physically — It could be your mobile phone, your fingerprint, your face, or a physically hardware key that you have (such as a Yubikey).
You can use your phone or another supported device to prove that you are who you say you are before letting you into your account. A lot of security happens behind the scenes, but the main benefit of passkeys is that they can’t be stolen like passwords.
Passkey is a password replacement that’s more secure and easier to use. Passkeys are better than passwords because passkeys can’t be phished or stolen. They’re easy to set up and use, and you don’t need to memorize them. Instead of having to create a password for your account, you enable an “authenticator” to generate a passkey. The authenticator can be your smartphone, another device, or a password manager that supports passkeys.
The authenticator still requires some form of user verification. This could be through entering a password or PIN or using biometrics (such as Face ID or Touch ID), which adds both security and convenience.
Your passkeys are stored securely in a vault, such as your device’s keychain or your password manager. Since passkeys can sync across devices, they’re seamless and convenient to use, and the overall user experience with passkeys is an improvement over passwords.