Passkey
ELI5 — The Vibe Check
Passkeys replace passwords with biometrics (fingerprint, face) or device PINs. No more 'Forgot password?' No more 'Must contain uppercase, number, symbol, blood type, and mother's maiden name.' You sign in by touching your fingerprint sensor or looking at your phone. Behind the scenes, it's public key cryptography — your device proves your identity without ever sending a secret. Phishing-resistant by design. Passwords are dead (eventually).
Real Talk
Passkeys are a FIDO2/WebAuthn credential type that replaces passwords with public key cryptography. The private key stays on the user's device (protected by biometrics or PIN), while the relying party stores only the public key. Passkeys are phishing-resistant (bound to the origin domain), eliminate credential stuffing, and sync across devices via platform providers (iCloud Keychain, Google Password Manager). They're supported by Apple, Google, and Microsoft.
When You'll Hear This
"We're adding passkey support so users can log in with Face ID." / "Passkeys eliminate phishing — there's no password to steal."
Related Terms
2FA (Two-Factor Authentication)
2FA is short for Two-Factor Authentication. Two locks instead of one. Password plus a code from your phone (or a hardware key).
Authentication (AuthN)
Authentication is proving you are who you say you are.
Biometric
Biometric authentication uses your body as your password — fingerprint, face, iris scan.
OAuth (Open Authorization)
OAuth is the system behind 'Login with Google.' Instead of making a new account, you let Google vouch for you.
WebAuthn
WebAuthn is the browser API that makes passkeys work.