TECHNIQUE FILE // PROFESSIONAL EDITION

THE PASSKEY
TECHNIQUE.

The manga calls it an inherited technique. Security professionals call it a FIDO credential: a phishing-resistant sign-in based on asymmetric cryptography and challenge-response authentication.

PUBLICPRIVATE
01REGISTER

The authenticator creates a unique public/private key pair.

02CHALLENGE

The service sends fresh data for the device to sign.

03VERIFY

The service checks the signature with the stored public key.

WHY PASSKEYS WIN

PROOF
WITHOUT THE
PASSWORD.

Passkeys change the security model. Users no longer prove identity by repeating a secret that both sides know.

01

NO SHARED SECRET

The service keeps a public key rather than a password equivalent that an attacker can steal and crack.

02

PHISHING RESISTANCE

A passkey is bound to the site it was created for, preventing a user from typing it into a lookalike domain.

03

LOCAL USER VERIFICATION

Biometric or PIN verification happens on the user’s device; biometric templates are not sent to the service.

04

OPEN STANDARDS

Passkeys use FIDO credentials and the widely adopted WebAuthn and CTAP standards.

FIDO

WHY IDEMIA BELONGS IN THE CONVERSATION

PASSKEYS
MEET HIGH
ASSURANCE.

IDEMIA Public Security states that its smart cards and USB security keys can be configured with a FIDO applet for device-bound passkeys. Its Smart Credentials portfolio connects FIDO with established PIV/CIV and PKI approaches for physical and logical access.

That makes the partnership discussion larger than “passwordless.” It can include credentials, devices, access, identity proofing, user experience, and the assurance level your environment demands.

Explore IDEMIA Smart Credentials

MOVE FROM EXPLAINER TO ROADMAP

DESIGN YOUR
PASSKEY PATH.

Bring IDEMIA your users, risk profile, target platforms, and assurance requirements. Start with the right specialist.

Start the conversation