ProtonBlog(new window)
Suscríbase mediante RSS
what is a passkey?

What is a passkey?

Fergus O'Sullivan(new window)

Compartir esta página

Passkeys are a new way to secure your online accounts using cryptographic keys instead of passwords. They offer a high level of convenience and security, and are a real game-changer in the way we access and secure sites. What is a passkey, though, and how does it work?

What are passkeys?

A passkey is a form of identification you can use to gain access to an account. Passkeys replace the need for passwords and two-factor authentication(new window) (2FA) by using your device to identify you. Since you no longer have a password to steal, passkeys protect against phishing. Passkeys are also less susceptible to brute-force attacks as they work by creating cryptographic keys. 

Passkey vs. password

The definition above probably sounds vague, so the best way to explain is by comparing passkeys to something you’re more familiar with, namely passwords. Normally, you gain access to an account by entering the credentials you gave when you created it: your username(new window) (often your email address) and password.

Not so with passkeys. When you create an account with a service that supports passkeys, your password manager generates a set of encryption keys. The next time you try to access the site, it will recognize the keys you hold and log you in without the need to enter your password.

How passkeys work

Passkeys use the principle of asymmetric or public-key cryptography. We go into more detail about this in our article on how encryption works(new window), but the short version is that when you create a passkey, your password manager generates two mathematically connected numeric keys: one public, one private. 

The service you’re signing up for holds the public key, while you as the user hold the private one, which is stored on your password manager. When logging into the service, the public key sends a challenge to your device which can only be answered correctly by your private key, identifying you as the account owner.   

how passkeys work

The system is very secure and practically impervious to brute force attacks. To crack the kind of numbers used in public-key cryptography would take a combination of the world’s supercomputers billions of years.

Advantages of using passkeys vs. passwords

For you, the user, the whole login procedure is entirely seamless: All the above happens automatically and virtually instantly. The only real downside to using passkeys is that few sites use them at time of writing, adoption is slow as implementation can pose problems. Supporting passkeys can get very technical, and since passwords and passphrases are highly secure there’s not always a direct need to bother with it. On top of this, there are moments when using a passphrase can be more useful as they can be more easily memorized.

Even if more sites used them, another issue is that many devices don’t support passkeys. For example, Android users can only use them if they’re using Android 14, and even then only if they have enabled some specific options — read more about this in our article on enabling passkeys.

Passkeys and Proton Pass

To use passkeys, you need to use a program that can send and receive the keys that make up the passkey. For most people this will be a password manager, a program that stores and manages passwords and, more recently, passkeys. Currently, not all password managers support passkeys, across all devices,  but Proton Pass does. 

As secure as passkeys are, they do create a single point of failure: if somehow somebody gets access to your passkeys, you’re in trouble. To prevent this from happening, Proton Pass uses end-to-end encryption(new window) to make sure your passkeys are always stored safely on our servers; nobody can access them, not even us. 

On top of that, we are also platform agnostic: You can use passkeys on any site that supports them, using any of your devices as long as they are compatible. 

Add to this our acclaimed interface, and you have a convenient way to implement this modern security tool. If you’re interested in knowing more about how Proton works, create a free Proton account today or check out our guide on how you can get started using passkeys.

FAQ

Can I log in to Proton Pass with Passkeys? 

No, you can’t log into Proton Pass apps using passkeys, but with passwords or passphrases, or via biometrics.

Do passkeys mask a password?

No, they replace passwords completely as they work entirely of keypairs.

Where are passkeys stored?

An encrypted version of your private key is stored on Proton’s servers, while the public key is held by the service you have an account with.

What happens to my passkeys if my device is stolen?

Nothing, they will still be on your device, making it imperative that you secure your Proton Pass app with a PIN or biometric scan.

Proteja su contraseña
Crear una cuenta gratuita

Artículos relacionados

en
Secure, seamless communication is the foundation of every business. As more organizations secure their data with Proton, we’ve dramatically expanded our ecosystem with new products and services, from our password manager to Dark Web Monitoring for cr
what is a brute force attack
en
On the subject of cybersecurity, one term that often comes up is brute force attack. A brute force attack is any attack that doesn’t rely on finesse, but instead uses raw computing power to crack security or even the underlying encryption. In this a
en
Section 702 of the Foreign Intelligence Surveillance Act has become notorious as the legal justification allowing federal agencies like the NSA, CIA, and FBI to perform warrantless wiretaps, which sweep up the data of hundreds of thousands of US citi
en
In response to the growing number of data breaches, Proton Mail offers a feature to paid subscribers called Dark Web Monitoring. Our system checks if your credentials or other data have been leaked to illegal marketplaces and alerts you if so. Often
en
Your email address is your online identity, and you share it whenever you create a new account for an online service. While this offers convenience, it also leaves your identity exposed if hackers manage to breach the services you use. Data breaches
proton pass f-droid
en
Our mission at Proton is to help usher in an internet that protects your privacy by default, secures your data, and gives you the freedom of choice. Today we’re taking another step in this direction with the launch of our open source password manage