A passkey is cryptographic credential that can be used in place of a password (or a password plus a second factor) to prove your identity to a web site or app that you are trying to log in to. Compared to passwords, passkeys are much more secure, easier to use (in particular, there is nothing to remember), and nearly un-phishable (passkeys can only be used with the site or app they were registered with).

Passkeys can be used today (September 2024) to log in to Google, Microsoft, GitHub, and WhatsApp accounts. There are doubtless other places where passkeys work; I have personally tested these four.

There are many videos about passkeys on YouTube; however, I have only found a few that are both succinct and correct. I have linked below to three that I like.

First, what are passkeys?

Next, a demo of passkeys in action, and an explanation of what’s happening “behind the scenes”.

This last video is a bit slower and more technical, but digs into some of the nuances and issues surrounding broad adoption of passkeys.

Enjoy!

I highly encourage you to try using passkeys where you can!