The Bitwarden Blog

How do passkeys work?

authored by:Ryan Luibrand
Link Copied!
  1. Blog
  2. How do passkeys work?

Introduction to passkeys

Passkeys are a secure, cryptographic way to authenticate a user without a password, providing better security, safety and ease of use than passwords themselves. More and more websites are adapting this passwordless technology, including many big tech companies. Learn more about passkeys in this detailed blog: What are Passkeys?

How passkeys work

Passkeys utilize cryptographic technology in development for more than ten years. The FIDO Alliance was founded in 2013 to shepherd and drive the technology, ensuring universal, open standards and is supported by a long list of members and sponsors, including Bitwarden. Passkeys leverage the WebAuthn cryptographic protocols developed by the alliance, hailed as the gold standard in secure authentication.

Passkeys are an asymmetric key pair

Each passkey is a pair of two related asymmetric cryptographic keys, which are very long, random strings of characters. While they differ from each other, they do have a special relationship - one can decrypt messages that have been encrypted by the other. This feature can be used to verify a user and authenticate them.

The key pair is made up of a private key that’s kept securely on your device, inside a password manager supporting passkeys (also called a passkey provider), and a public key that’s stored on the website you are logging into. Your private key is secure and never leaves your device, and the password manager keeps it locked by biometrics, PIN, or a password. The public key, on the other hand, could be shared with the world, such as in the case of a website data breach, and your security wouldn't be compromised so long as the private key stays safe.

Here’s a popular analogy to help understand asymmetric key pairs, and the infographic below explains the steps of using a passkey and its key pair for determining your authenticity when logging into a website:

Infographic on how passkeys work

To sign into a passkey-enabled website, that site will send a login challenge - a really large random number - and then your secret key will use cryptography to “sign” the challenge with a response to the number. The website checks that signature with its public key to verify that the signature is authentic. Once confirmed, the website can confidently grant access to your account.

Passkeys in Bitwarden

Bitwarden supports creating and storing passkeys in the Bitwarden Password Manager today. Learn more in Blog: Bitwarden launches passkey management.

If you’d like to get started today, set up a free account, or share with your team by starting a free business trial. For developers, Bitwarden provides API frameworks to help you build discoverable FIDO credentials such as passkeys.

Link Copied!
Back to Blog

Ready to see Bitwarden in action?

Start a Trial
Contact Sales

© 2024 Bitwarden, Inc. Terms Privacy Cookie Settings Sitemap

This site is available in English.
Go to EnglishStay Here