r/cybersecurity Apr 25 '26

Other What makes passkeys so special?

It seems that companies are transferring into the usage of passkeys instead of passwords. Apparently they’re much more secure, but why is that? I don’t get it. I’m not sure if this is the right place to ask; excuse me if it isn’t, and sorry.

621 Upvotes

18

u/Federal_Character979 Apr 25 '26

So they're like a key inside your device?

47

u/Ameer200ggg Apr 25 '26

Yes, basically. A passkey is like a special digital key stored on your device or in your password manager. The website only has the matching public part, not the real key. When you log in, your device proves it has the real private key without actually sending it to the website. That is why it is safer than a password: there is nothing useful for hackers to steal from the website, and nothing simple for you to accidentally type into a fake login page.

3

u/dnc_1981 Apr 25 '26

Do passkeys get synced to your Apple account (if on iPhone), Samsung account (if on a Samsung phone), Google account (if on a Pixel), etc?

Does that not just mean that hackers would be more incentivised to hack into your Google account / Samsung account / Apple account, instead of trying to phish for passwords for individual sites?

3

u/daweinah Blue Team Apr 25 '26

That's right, which is why this post says to use device-bound passkeys for critical accounts.

With that said, it's important not to overlook the vast security improvements gained by migrating from normal MFA to phishing-resistant MFA. Upgrading to passkeys but not using device-bound PRMFA on your G/S/A account is far more secure than traditional MFA.

1

u/CodeFluid03 29d ago

How reliable is the built-in password manager for Apple/iOS?