Passkeys - FIDO2 Passwordless Authentication

A passkey is a passwordless authentication method based on the FIDO2 (Fast IDentity Online 2) standard that authenticates users with public-key cryptography instead of passwords. Rather than entering a password, users can log in to a service using the same method they use to unlock their device, such as fingerprint recognition, facial recognition, or a PIN. It offers strong resistance to phishing and is attracting attention as a next-generation authentication technology that fundamentally eliminates the risk of password leaks.

Historical Background

The FIDO specifications on which passkeys are built were developed by the FIDO Alliance, established in 2012. In 2018, the W3C recommended WebAuthn as a web standard, making passwordless authentication technically possible in browsers. The turning point came in 2022, when Apple, Google, and Microsoft jointly announced support for passkeys. This enabled passkeys to be synchronized across devices and platforms, and adoption among general users has since gained momentum.

How It Works

Passkeys are based on public-key cryptography. When you register with a service, a pair consisting of a private key and a public key is generated on your device. The private key is stored in a secure area of the device (a secure enclave or TPM), and only the public key is sent to the service. At login, the device signs a challenge sent by the service with the private key, and the service verifies it with the public key. Because the private key never leaves the device, your credentials remain safe even if the server-side data is breached.

Real-World Use Cases

"We completed passkey support for our internal systems, reducing employees' average login time from 8 seconds to 2 seconds. Phishing incidents also dropped to zero, achieving both security and convenience."

Authentication Flow

1. Service sends a challenge
2. Verify identity with biometrics / PIN
3. Sign with the private key
4. Verify with the public key
5. Login complete
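
The registration and login steps described under How It Works and Authentication Flow, as an added example that is not part of the original article. It uses Node's built-in crypto module and the WebAuthn signing layout (authenticatorData followed by the SHA-256 of clientDataJSON); the relying-party ID, origin and function names are constructed for illustration, and `deviceSign` stands in for a real browser and authenticator.

```javascript
const crypto = require('node:crypto');

// Constructed values for illustration (assumptions, not from the article).
const RP_ID = 'example.com';
const ORIGIN = 'https://example.com';
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Registration: the key pair is created on the device; only publicKey goes to the service.
function registerPasskey() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
}

// Device side: after the biometric/PIN check, sign the service's challenge.
// `origin` is the value the browser reports for the page that asked for the login.
function deviceSign(privateKey, challenge, origin, rpId = RP_ID) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin,
  }));
  // rpIdHash (32 bytes) | flags 0x05 (user present + user verified) | signCount (4 bytes)
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([0x05, 0, 0, 0, 1])]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  const signature = crypto.sign('sha256', signed, privateKey);
  return { clientDataJSON, authenticatorData, signature };
}

// Service side: check what was signed before trusting the signature itself.
function verifyLogin(publicKey, expectedChallenge, a) {
  const c = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (c.type !== 'webauthn.get') return 'bad-type';
  if (c.challenge !== expectedChallenge.toString('base64url')) return 'bad-challenge';
  if (c.origin !== ORIGIN) return 'bad-origin';
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return 'bad-rp-id';
  if ((a.authenticatorData[32] & 0x05) !== 0x05) return 'user-not-verified';
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad-signature';
}

// Demo: one registration and one login with a fresh random challenge.
const { publicKey, privateKey } = registerPasskey();
const challenge = crypto.randomBytes(32);
console.log(verifyLogin(publicKey, challenge, deviceSign(privateKey, challenge, ORIGIN)));
```

The service stores only `publicKey`, so a dump of its credential table contains nothing that can produce a valid signature, and a response signed for a different origin or an older challenge is rejected before the signature is even checked.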

Current State in Practice and Measures for the Transition Period

The major platforms from Apple, Google, and Microsoft support passkeys, and the number of compatible services is increasing rapidly. As of 2025, many major services such as Amazon, GitHub, and PayPal support passkeys, and adoption is accelerating. However, not all services support passkeys, so for the time being they will continue to be used alongside passwords. As a practical consideration, because passkeys are tied to a device, it is important to secure recovery methods in advance in case the device is lost or fails. If you enable cloud synchronization through iCloud Keychain or Google Password Manager, you can migrate smoothly even when replacing a device. For services that do not yet support passkeys, the combination of a sufficiently long random password and two-factor authentication remains the best choice.