Passkey authentication replaces traditional passwords with a pair of cryptographic keys—public and private. The private key stays on the user’s device, while the public key sits on the server. During login, the server issues a challenge that only the private key can solve, and the response gets verified using the public key. No passwords are transmitted or stored, which reduces the attack surface significantly. Password leaks and brute-force attempts become non-issues because there is no static secret to steal or guess.

FIDO2 is a joint initiative by the FIDO Alliance and the World Wide Web Consortium (W3C) aimed at delivering streamlined, strong authentication without relying on passwords. It defines a set of technical components: WebAuthn and CTAP2 (Client to Authenticator Protocol). WebAuthn standardizes how a web application interacts with an authenticator—often a platform feature like a secure enclave on a phone or a hardware security key. CTAP2 governs how that authenticator communicates with the client device, such as a laptop or smartphone.


More

Finance Derivative: Cryptocurrency exchanges must tackle their cybersecurity issues

“However, alongside this growing interest in cryptocurrencies is a significant increase in cybersecurity risks. Investors need…

Read More →

Biometric Update: Keyless achieves FIDO2 Certification for face biometrics technology

Keyless has achieved FIDO2 Certification for its enterprise biometric security platform. The news comes after the firm joined the FIDO…

Read More →

ITSocial: FIDO Alliance creates new integration standard to secure the Internet of Things

The FIDO Alliance has announced the launch of the FIDO Device Onboard (FDO) protocol, a…

Read More →


Subscribe to the FIDO newsletter

Stay Connected, Stay Engaged

Receive the latest news, events, research and implementation guidance from the FIDO Alliance. Learn about digital identity and fast, phishing-resistant authentication with passkeys.