What are passkeys?
Passkeys are a standard authentication method designed to avoid using traditional passwords, providing a more secure and user-friendly experience.
Passkeys are based on public and private key pairs to secure user authentication. The public key is stored on the server side, while the private key is secured in the user's device. The user is authenticated by proving ownership of the private key, usually with biometric sensors, without extracting it from the device at any time. This method ensures that sensitive information remains protected and reduces the risk of credential theft.
Why do we need passkeys?
Passkeys offer significant security improvements over traditional passwords. In the context of web3, where secure key management is paramount, passkeys provide an efficient alternative to seed phrases, which are often considered both a security liability and a subpar user experience.
Safe offers the capability to sign into your wallet using passkeys by implementing a dedicated module that verifies the integrity of the key provided.
Passkeys Support
Passkeys and syncing are supported by Apple and Android devices. If a device uses Cross-device authentication (CDA) (opens in a new tab), its passkeys will be portable to other devices. You can read more about device support here (opens in a new tab).
Passkeys can also be integrated with ERC-4337, providing enhanced user experience in managing web3 accounts. See our tutorials to build your own implementation, or check out ERC-4337 support contract for passkeys (opens in a new tab) for more information.