Passkeys Authenticator
Multi-factor software cryptographic authenticators encapsulate one or more secret keys unique to the authenticator and accessible only through the input of an additional factor, either a memorized secret or a biometric.
A passkey is a modern cryptographic credential that replaces traditional passwords. It consists of a pair of keys: a public key stored on the server and a private key securely stored on the user's device. Passkeys are possession-based authenticators: the user verifies their identity by having a specific device (e.g., smartphone, laptop) that holds the private key. A password, by contrast, is a secret that only one person should memorize and know; it is a knowledge-based authenticator. To ensure security, we have implemented the following measures.
Controls in place for security:
Each authentication operation using the authenticator SHALL require the input of both factors.
The private key never leaves the device, so it is never exposed during authentication.
Passkeys are stored in a secure hardware module or secure enclave on the device.
Passkeys are tied to the device and cannot be shared or easily stolen by malicious actors.
Passkeys are automatically managed by the device, reducing the risk of human error.
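
The key-pair model and controls above, as an added example that is not this project's own code: a simplified Node.js model of passkey sign-in (not full WebAuthn) in which the server stores only the public key and verifies a signature over a fresh challenge. The challenge exchange goes beyond what the page states, and `createPasskey`, `Server`, `demo`, the `userVerified` flag and the user `alice` are assumptions made for illustration.

```javascript
// Added example: simplified model of passkey sign-in (not full WebAuthn).
const crypto = require('crypto');

// Device side: the key pair is generated on the device. Only the public key is
// exported; the private key stays inside this closure (stand-in for a secure enclave).
function createPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }),
    // userVerified stands in for the local PIN or biometric check (second factor).
    sign(challenge, userVerified) {
      if (!userVerified) return null; // no signature without the additional factor
      return crypto.sign('sha256', Buffer.from(challenge, 'hex'), privateKey);
    },
  };
}

// Server side: holds public keys and one outstanding single-use challenge per user.
class Server {
  constructor() { this.publicKeys = new Map(); this.pending = new Map(); }
  register(user, publicKeyPem) { this.publicKeys.set(user, publicKeyPem); }
  newChallenge(user) {
    const challenge = crypto.randomBytes(32).toString('hex');
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    const pem = this.publicKeys.get(user);
    this.pending.delete(user); // a challenge is consumed by the first attempt
    if (!challenge || !pem || !signature) return false;
    return crypto.verify('sha256', Buffer.from(challenge, 'hex'), pem, signature);
  }
}

function demo() {
  const device = createPasskey();
  const otherDevice = createPasskey(); // constructed: a device that was never registered
  const server = new Server();
  server.register('alice', device.publicKeyPem); // constructed user name

  const signature = device.sign(server.newChallenge('alice'), true);
  const firstLogin = server.verify('alice', signature);
  const replay = server.verify('alice', signature); // challenge already consumed
  const wrongDevice = server.verify('alice', otherDevice.sign(server.newChallenge('alice'), true));
  const lockedDevice = device.sign(server.newChallenge('alice'), false);
  const stored = [...server.publicKeys.values()].join('');
  return { firstLogin, replay, wrongDevice, lockedDevice, serverHasPrivateKey: stored.includes('PRIVATE KEY') };
}
```

Calling `demo()` returns the outcome of each case: the registered device signs in, a replayed signature and an unregistered device are rejected, and the device refuses to sign without the second factor.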