4.3. Auth Passkey
WebAuthn
Public Key Cryptography
Industry Standard (FIDO Alliance, W3C Standard)
Strong credentials. Every passkey is strong. They're never guessable, reused, or weak.
Safe from server leaks. Because servers only keep public keys, servers are less valuable targets for hackers.
Safe from phishing. Passkeys are intrinsically linked with the app or website they were created for, so people can never be tricked into using their passkey to sign in to a fraudulent app or website.
In iCloud Keychain, passkeys are end-to-end encrypted, so even Apple can't read them. A passkey ensures a strong, private relationship between a person and your app or website.
Works alongside passwords