This page is displayed in , but your browser is set to .
Would you like to switch to the version?

Bitwarden Blog

How do passkeys work?

RL
authored by:Ryan Luibrand
published :

Introduction to passkeys

Passkeys are a secure, cryptographic way to authenticate a user without a password, providing better security, safety and ease of use than passwords themselves. More and more websites are adapting this

passwordless technology,
including many big tech companies. Learn more about passkeys in this detailed blog:
What are Passkeys?

How passkeys work

Passkeys utilize cryptographic technology in development for more than ten years. The

FIDO Alliance
was founded in 2013 to shepherd and drive the technology, ensuring universal, open standards and is supported by a
long list of members and sponsors
, including Bitwarden. Passkeys leverage the WebAuthn cryptographic protocols developed by the alliance, hailed as the gold standard in secure authentication.

Passkeys are an asymmetric key pair

Each passkey is a pair of two related asymmetric cryptographic keys, which are very long, random strings of characters. While they differ from each other, they do have a special relationship - one can decrypt messages that have been encrypted by the other. This feature can be used to verify a user and authenticate them.

The key pair is made up of a private key that’s kept securely on your device, inside a password manager supporting passkeys (also called a passkey provider), and a public key that’s stored on the website you are logging into. Your private key is secure and never leaves your device, and the password manager keeps it locked by biometrics, PIN, or a password. The public key, on the other hand, could be shared with the world, such as in the case of a website data breach, and your security wouldn't be compromised so long as the private key stays safe.

Here’s a

popular analogy
to help understand asymmetric key pairs, and the infographic below explains the steps of using a passkey and its key pair for determining your authenticity when logging into a website:

To sign into a passkey-enabled website, that site will send a login challenge - a really large random number - and then your secret key will use cryptography to “sign” the challenge with a response to the number. The website checks that signature with its public key to verify that the signature is authentic. Once confirmed, the website can confidently grant access to your account.

Passkeys in Bitwarden

Bitwarden supports creating and storing passkeys in the

Bitwarden Password Manager
today. Learn more in
Blog: Bitwarden launches passkey management
.

If you’d like to get started today,

set up a free account
, or share with your team by
starting a free business trial
. For developers, Bitwarden
Passwordless.dev
 provides API frameworks to help you build discoverable FIDO credentials such as passkeys.

Back to Blog

Prêt à voir Bitwarden en action ?

Commencer un Essai
Contacter les ventes
Participer à une démonstration en direct