⚡TLDR;
Passkeys are a fancy word for password alternatives to log into something.
Passwords are unsecure because people reuse passwords. (You can check if a password has been breached here)
Not using your password to authenticate is usually more secure. It just gets inconvenient carrying other physical devices around as an alternative.
People can mix passwords and passkeys together.
🔑 Types of Passkeys
Platform authenticators: Authentication built in your device. Stuff like using your finger print, face recognition, or trusting your windows PC
Roaming authenticators: Devices you have to physically carry with you like Google Titan or Yubikeys. Think of external USB devices.
🧠 How it used to happen
Passwords have a lot of problems because they can be compromised by data breaches. Some people like to guess the password too.
Lets look into how passkeys solve this problem.
🔧 How it works
Someone tries to register for a website like making an account.
Your passkey from an external device or touchId creates credentials and sends it to a server to save.
The passkey credentials are saved and authenticates you anytime you try to login with that passkey device/method.
🔨The simplified encryption details
Passkeys work by using the public key cryptography.
This works by having two keys
🔑 Private key: A key that writes messages or signs challenges and encrypts it using a hashing algorithm like RSA or SHA3. This key needs to be protected and only stored on the passkey devices
🔑 Public key: A key that can open messages and validate signed challenges. This key can be out in the open for anyone to use.
Anytime anyone tries to login with a passkey, a challenge is sent to the client or user and signed with the private key.
The public key on the server or website you’re trying to access verifies everything looks good.
You don’t get this protection with passwords.
💰 HELP WANTED
This newsletter has grown to 13,000 → 14,500 AMAZING READERS. It’s grown to a scale that a single person can’t maintain all of it on their own.
If you’re interested in being a byte-sized design writer, apply here!
📝 Official Article
(Links to official article and sources are available to paid subscribers. They help maintain and support this newsletter!)
Keep reading with a 7-day free trial
Subscribe to Byte-Sized Design to keep reading this post and get 7 days of free access to the full post archives.