Passkeys, the magic of identifying yourself without using passwords


Passwords are doors to unauthorized invasions. The vast majority of people still use weak passwords, and practically no one uses two-factor authentication, so billions of accounts of all kinds are practically open to any hacker who wants to spend time accessing social networks, sites website and much more.

A solution to this problem is to forget passwords forever, use facial recognition, fingerprints… and for this we have Passkeys technology waiting for us.

Felix Magedanz, founder of Hanko, is part of a team of developers and designers whose mission is to revolutionize the way we authenticate online.

He recently commented that as iOS 16 has been released globally, you can now experience the new standard for online authentication on these devices and get a good idea of ​​how sign-in will soon evolve for the first time since the invention of iOS. Internet.

They have released a live demo that allows you to test passkeys on your devices, now available at does not use API, it is a full demo account, enabled for this type of access. To test it, we need an email address. You’ll then use the open source Hanko authentication system (available on GitHub) to host the information on AWS servers.

What are Passcodes

We’re talking about a new way to authenticate to websites and apps, designed to replace passwords and two-factor authentication at the same time. Using passkeys means using your device’s biometric capabilities, such as Face ID and Touch ID, to log in securely.

This way we don’t have to create a new password for each service, and we don’t have to remember any passwords, because the devices take care of creating, managing and synchronizing the passkeys. Unlike passwords, access keys should never be shared with any website or app.

These keys only exist on our devices and make use of cryptographic algorithms to assert ownership of an access key without having to share the access key itself.

That makes access keys much more secure than passwords, and even more secure than common two-factor authentication methods like SMS codes or authenticator apps. The biometrics used for a passkey are exactly the same as those used to unlock devices, and biometrics will never be shared in the process.

What are the platforms compatible with Passkeys

We can test demo on Android, macOS and Windows and even use biometric authentication. All platforms have already supported WebAuthn, the API behind passkeys, for quite some time. What does not yet exist is the ability to synchronize our access codes across devices.

macOS 13 (“Ventura”) is expected to be released in October with full access key support. Both Google and Microsoft have publicly announced that passkey support is coming late this year or early next year for Android and Windows.