4.3. Passkey

  • WebAuthn

  • Public Key Cryptography

  • Industry Standard (FIDO Alliance, W3C Standard)

  • Strong credentials. Every passkey is strong. They're never guessable, reused, or weak.

  • Safe from server leaks. Because servers only keep public keys, servers are less valuable targets for hackers.

  • Safe from phishing. Passkeys are intrinsically linked with the app or website they were created for, so people can never be tricked into using their passkey to sign in to a fraudulent app or website.

  • In iCloud Keychain, passkeys are end-to-end encrypted, so even Apple can't read them. A passkey ensures a strong, private relationship between a person and your app or website.

  • https://developer.apple.com/passkeys/

  • Works alongside passwords