Passkey Information: Everything You Need to Know but Were Afraid to Ask

May 7, 2024

Passkeys are a form of authentication based on public key cryptography: each account has a public key and a private key, and these keys are used to gain access to the account. Passkeys are generated using the WebAuthn API included in modern operating systems and browsers. They offer benefits such as easier logins and resistance to phishing, because each passkey is linked to the specific site it is used for. Passkeys can be synced between devices and can be stored on authenticator devices such as an iPhone or Android phone, which use a secure chip for setup.

With a trusted device, the passkey does not need to be connected all the time, and passkeys can be transferred across when upgrading to a new device. With a password manager, passkey data is stored in the cloud vault, which keeps the account secure if a hardware key is lost. In that case, the lost hardware key can be removed from the account and a new one set up using the trusted device. To set up a passkey, the user chooses the authentication method they want, such as another device or a smartphone.

When a smartphone is used, a QR code is displayed on the screen and must be scanned to allow the connection to the phone. On the next login via passkey, a notification is sent to the phone so the user can verify their identity with biometrics or a PIN.

