What is Passkey?
Turkish: Passkey (Geçiş Anahtarı)
A passkey is a phishing-resistant sign-in method that uses a device-held private key plus biometric or PIN approval instead of passwords.
What is Passkey?
A passkey is a public-key credential that lets a user sign in without sending a password. The private key stays on the user’s device or in a synced credential store, while the service stores only the public key. During sign-in, the site sends a challenge, the device signs it, and the user approves the action with biometrics, a PIN, or the device lock.
Passkeys are bound to the legitimate domain, which makes them hard to reuse on a fake site. This property sharply reduces phishing risk compared with passwords and SMS codes. Each service also receives a different key pair, so data leaked from one service cannot be used to log in to another.
Relationship to MFA and OAuth2
A passkey can be used as a passwordless primary factor or as a strong factor in an MFA flow. Unlike many 2FA codes, it does not produce a value that the user can copy into a fake site. It can also work with authorization protocols such as OAuth2; for example, an identity provider can authenticate the user with a passkey and then issue tokens to an application.
Enterprise use needs planning for lost devices, backup passkeys, account recovery, and managed device policy. Passkeys are strong, but a weak recovery process can still let an attacker take over the account through another path.
Related Terms
2FA adds a second proof, such as an authenticator app, SMS code, or security key, on top of a password during sign-in.
Biometric Authentication: Biometric authentication uses device biometrics such as face or fingerprint checks for login and sensitive approvals.
MFA (Multi-Factor Authentication): MFA protects sign-ins by requiring extra factors such as an authenticator app, device prompt, biometrics, or a security key.
OAuth 2.0: OAuth 2.0 is an authorization framework that allows third-party applications to access resources without the user's password.
WebAuthn: WebAuthn is a web standard that lets browsers use security keys and passkeys for strong, passwordless authentication.