Skip to main content
purple hex pattern

What are FIDO2 passkeys?

FIDO2 passkeys are cryptographic key pairs typically stored on a device that authenticate the user for various applications and services. A public key is stored on the application server and a private key is stored on the user’s device. When a user tries to log in to an application, Passkeys use Bluetooth® to communicate between the user’s phone (FIDO authenticator) and the device from which the user is trying to authenticate.

Enable Secure Passwordless Access

hacker icon

Resist Phishing

Generate unique key pairs for each application and eliminate the reuse of credentials that can cause password fatigue-based attacks.

gray shield icon with fuchsia checkmark in middle

Mitigate Remote-Based Attacks

Communicate with your users’ smartphones over Bluetooth when signing challenges with private keys.

keys icon

Enable Passkeys With Ease

Use Entrust Identity as a Service to simplify the support of passkeys within your application.

How do FIDO2 passkeys work?

When a user tries to log in to an application, passkeys use Bluetooth to communicate between the user’s registered device (FIDO authenticator) and the device upon which the user is logging into the application. The application issues a security challenge to the user’s registered device via Bluetooth. The user is then prompted to authenticate themselves using biometrics to accept the sign-in request challenge, which is signed with the private key on the user’s registered device and sent back to the application to be verified with the corresponding public key, after which the user is signed in if successful.

FIDO2 passkeys
hand holding phone with device is protected notice on screen

Enhance Security and the User Experience

With FIDO2 passkeys (which are based on FIDO authentication), proximity to the device upon which the application or service is being accessed is always necessary. This helps reduce risk against the most common attacks and enables a familiar user experience that is consistent across all platforms and devices.