Passkeys Authenticator

Multi-factor software cryptographic authenticators encapsulate one or more secret keys unique to the authenticator and accessible only through the input of an additional factor, either a memorized secret or a biometric.

A passkey is a modern cryptographic credential that replaces traditional passwords. It consists of a pair of keys: a public key stored on the server and a private key securely stored on the user's device. Passkeys are possession-based authenticators: the user verifies their identity by having a specific device (e.g., smartphone, laptop) that holds the private key.

A password, by contrast, is a secret that only one person should memorize and know. It is a knowledge-based authenticator for a user to verify their identity.

To ensure security, we have implemented the following measures:

Controls in place for security:

  • The private key never leaves the device, ensuring it’s never exposed. Each authentication operation using the authenticator SHALL require the input of both factors.

  • Passkeys are stored in a secure hardware module or secure enclave on the device.

  • The use of passkeys is tied to the device and cannot be shared or easily stolen by malicious actors.

  • Passkeys are automatically managed by the device, reducing the risk of human error.
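
The controls above (both factors on every operation, device-bound keys) can be enforced on the server by inspecting the WebAuthn authenticator data returned with each assertion. The following is an added example, not code from this page or product: the function names and the relying party ID `login.example.com` are assumptions, and the assertion signature is assumed to be verified separately against the stored public key.

```python
import hashlib
import struct

# Flag bits in the WebAuthn authenticator data flags byte.
FLAG_UP = 0x01  # user present
FLAG_UV = 0x04  # user verified (PIN or biometric entered)
FLAG_BE = 0x08  # backup eligible (credential may be synced off-device)
FLAG_BS = 0x10  # backup state (credential is currently backed up)


def check_authenticator_data(auth_data: bytes, expected_rp_id: str,
                             stored_sign_count: int) -> list[str]:
    """Return a list of policy violations; an empty list means the data passes."""
    if len(auth_data) < 37:
        return ["authenticator data shorter than 37 bytes"]
    rp_id_hash = auth_data[:32]
    flags = auth_data[32]
    (sign_count,) = struct.unpack(">I", auth_data[33:37])

    problems = []
    if rp_id_hash != hashlib.sha256(expected_rp_id.encode()).digest():
        problems.append("rpIdHash does not match this relying party")
    if not flags & FLAG_UP:
        problems.append("user presence flag not set")
    if not flags & FLAG_UV:
        problems.append("user verification flag not set (second factor missing)")
    if flags & (FLAG_BE | FLAG_BS):
        problems.append("credential is backup eligible, not device-bound")
    # A counter of 0 on both sides means the authenticator does not implement counters.
    if (sign_count or stored_sign_count) and sign_count <= stored_sign_count:
        problems.append("signature counter did not increase (possible cloned key)")
    return problems


def build_sample(rp_id: str, flags: int, sign_count: int) -> bytes:
    """Construct sample authenticator data for the demonstration (not captured traffic)."""
    return hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + struct.pack(">I", sign_count)


if __name__ == "__main__":
    rp = "login.example.com"  # assumed relying party ID
    samples = {
        "device-bound, verified": build_sample(rp, FLAG_UP | FLAG_UV, 8),
        "presence only": build_sample(rp, FLAG_UP, 8),
        "synced passkey": build_sample(rp, FLAG_UP | FLAG_UV | FLAG_BE | FLAG_BS, 0),
    }
    for name, data in samples.items():
        print(name, "->", check_authenticator_data(data, rp, 7) or "ok")
```

These checks cover only the authenticator data fields. An assertion is accepted only if the signature over the authenticator data and the client data hash also verifies.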
