Passkeys are phishing-resistant and authenticate users with asymmetric public-private key cryptography and local biometrics.
No passwords, one-time codes, push notifications, or magic links getting in the way of users logging in to your awesome app.
API-first platform. Flexible deployment models. Our cloud platform handles all the complexity so you can focus on innovation, not implementation.
Support passkeys for every user no matter what device, browser, and application type they're on. Offload compatibility headaches and ship passkeys for your apps in minutes.
See our passkey experience in action
Zero passwords, codes, push notifications required for user registration or login
Consistent user experience across any operating system, browser, and application type
Fully customizable passkey experience so you can tailor it to your branding and preferred user flows
.png)
Not sure if your customers are able to use passkeys?
Get a report on their passkey readiness with a free tool.
Beyond Identity
Traditional MFA
Beyond Identity
Traditional MFA
Beyond Identity
Traditional MFA
(external security key only)
Beyond Identity
Traditional MFA
Beyond Identity
Traditional MFA
Beyond Identity
Traditional MFA
(external security key only)
Beyond Identity
Traditional MFA
(external security key only)
Got questions? We’ve got answers.
Advice. Info. Perspective. Speak with our team of security experts today.
Learn more about passkeys
How do you support passkeys without WebAuthn?
Great question, in addition to WebAuthn, W3C has another approved standard called Web Cryptography (aka WebCrypto). Like WebAuthn, WebCrypto allows browsers to create public-private key pairs aka passkeys. Unlike WebAuth, WebCrypto creates those passkeys in software, not hardware. Passkeys stored in software and hardware are both phishing-resistant. However, there are nuanced security differences that might matter to you if your application has high security requirements. For more information, check out our detailed blog post on on this.
What are passkeys?
Passkeys are digital keys made up of public-private key pairs. They allow users to authenticate with their device biometrics or local device PIN. Passkeys are easy to use and phishing-resistant.
Learn more about passkeys here.
Where are passkeys supported?
Passkey support is reliant on device and browser support of WebAuthn. WebAuthn is a standard web API built into some browsers that enable users to authenticate with passkeys. See table above for details.
How do users recover their account if they lose the only device that has a passkey?
You must re-enroll the user with a new passkey on their new device using the same mechanism as enrollment (e.g. if you enroll new users using email, that's how you would handle the recovery flow). To do so, we recommend that you provide users with a link for "Can't log in?" that, on click, prompts the user to enter their user ID which you can use to trigger a re-enrollment flow.
Are passkeys 2-factor authentication (2FA)?
Yes, passkeys authenticate users with two factors:
A private key that is on the users' device (something the user has)
A device biometric or PIN (something the user "is" or "knows")
If passkeys use a user's biometric to authenticate, is the biometric information kept safe?
Yes, passkeys don't change how local biometric information and processing that is handled by the user's devices today. The users's biometric stays on local device and is never sent to a server. The server only receives information on if the biometric check was successful.
