Passkeys are a form of passwordless user authentication for websites and apps, that is designed to provide a high level

of security by leveraging public key infrastructure. Unlike passwords, no shared secret is exchanged between the user

and a service. Instead, the public key is sent to the server, while the private key is stored in the user’s device.

To verify the user’s identity, users can use biometric data, such as a fingerprints or facial recognition, instead of

relying on a user-generated password. This makes it much more difficult for attackers to gain unauthorized access to an

account, as passkeys are two-factor-authentication (2FA) by default. Concisely, they avoid a range of

password-based attacks, including phishing, by providing an additional layer of security.