Passkeys

Passkeys provide strong security guarantees critical for Web3:

• Phishing Resistance: Authentication is bound to the specific website domain (relying party). A fake site cannot trick the authenticator.
• No Shared Secrets: The private key never leaves the secure hardware, unlike passwords or OTPs.
• Physical Security: Requires local biometric or PIN verification, protecting against remote attacks and SIM-swapping used to intercept SMS 2FA.

Several protocols and wallets are pioneering passkey adoption:

• Turnkey: Provides infrastructure for generating and managing passkeys as signers for wallets.
• Dynamic.xyz & Privy: Offer SDKs for integrating passkey-based onboarding and authentication flows into dApps.
• Capsule: Uses passkeys for multi-party computation (MPC) wallet signing.
• Coinbase Smart Wallet: Uses passkeys as the primary authentication method for its smart contract wallet.

While promising, passkey adoption in Web3 faces hurdles:

• Device Dependency: Losing all registered devices can lock a user out, though cloud sync mitigates this.
• Protocol Support: Requires dApp frontends and wallet providers to implement WebAuthn.
• Key Export: Users cannot directly export the raw private key, which can conflict with some decentralized identity philosophies, though it enhances security for most users.

Passkeys are fundamentally resistant to phishing because the private key never leaves the user's secure device (e.g., a phone or hardware security key). Authentication relies on cryptographic proof of possession, not a secret that can be typed into a fake website. This eliminates credential theft via deceptive links, a major attack vector for traditional passwords and seed phrases.

A critical security distinction is where the private key is stored:

• Device-bound passkeys are locked to a single authenticator (e.g., a YubiKey). This offers high security but risks permanent loss.
• Synchronized passkeys (e.g., via iCloud Keychain or Google Password Manager) are backed up and synced across a user's devices by the platform provider. This improves usability and recovery but introduces a reliance on the platform's cloud security and backup encryption.

Passkeys can secure access in two distinct layers:

• Off-Chain Authentication: Used for accessing a wallet's user interface or a centralized service. The passkey proves identity to a server, which then controls access.
• On-Chain Authentication: The passkey's public key is registered directly on a blockchain (e.g., as an account key or smart contract signer). Signatures are validated on-chain, enabling non-custodial, programmable account recovery (e.g., via social recovery contracts) without relying on a third-party server.

Losing access to all devices holding a passkey can lock a user out. Secure recovery mechanisms are essential:

• Social Recovery: A smart contract can allow a predefined set of guardians (other passkeys or addresses) to collectively authorize a key rotation, recovering the account without a central authority.
• Backup Codes: Some providers offer one-time-use codes for emergency recovery, which must be stored as securely as a seed phrase.
• Inherent Risk: Any recovery mechanism creates a new attack surface that must be carefully designed.

Passkeys mitigate several common mobile-centric attacks:

• SIM Swapping: Since authentication isn't SMS-based, compromising a phone number does not grant access.
• Remote Exploits: The private key is not exposed to the browser or app memory in a usable form; it's isolated in a secure element or trusted execution environment (TEE). Authentication requires local user consent (biometrics or PIN) on the trusted device, blocking remote malware from initiating transactions.

Security also depends on correct implementation and trusted components:

• Platform Dependence: For synced keys, you trust Apple, Google, or Microsoft's cloud security and their implementation of the WebAuthn standard.
• Authenticator Integrity: The security of the device's secure enclave or the hardware security key is paramount.
• Protocol Vulnerabilities: While the FIDO2/WebAuthn standard is robust, implementation bugs in wallets, browsers, or smart contracts can introduce vulnerabilities.

The asymmetric cryptographic foundation of passkeys. A key pair consists of a private key (kept secret on the user's device) and a public key (shared with the relying party/service).

• Authentication: The private key signs a unique challenge; the public key verifies the signature, proving possession without revealing the secret.
• Security Model: Eliminates shared secrets (passwords). Phishing is ineffective as the signature is bound to the specific website's origin.

The website or application (e.g., a bank, social network, or crypto wallet) that relies on a passkey for user authentication. Its server-side components are responsible for:

• Registration: Generating a challenge and storing the user's public key and credential ID.
• Authentication: Issuing a new challenge and verifying the cryptographic signature returned by the authenticator.
• User Verification: Specifying whether biometrics or a PIN is required during the authentication ceremony.

The hardware or software component that creates the cryptographic key pair and performs the authentication ceremony. It is the device that stores the private key.

• Types:
  • Platform Authenticator: Built into an OS (e.g., Windows Hello, Touch ID, Android biometrics).
  • Roaming Authenticator: Cross-platform hardware devices (e.g., YubiKey) or smartphones acting as security keys.
• Core Function: Securely generates, stores, and uses private keys, often protected by a biometric or PIN.

Critical data structures in the WebAuthn protocol that enable seamless user experiences.

• Credential ID: A unique, opaque identifier for a specific public key credential, generated by the authenticator and used by the relying party to select the correct key for authentication.
• Discoverable Credential (Resident Key): A credential where the private key and user identifier (like a user handle) are stored on the authenticator. This enables passwordless and usernameless login, as the authenticator can discover which credential to use for a given relying party.