How passkeys prevent Phishing attacks
Passkeys are tied to specific (https) websites. Browsers won't use a private key intended for one website to sign a challenge generated by a different site.
We're now live! Signup now
All the major browsers now support passkeys, however biometric support is often limited to those browsers with tight platform integration e.g. Safari on iOS and Chrome on Android.
These browsers are known to support passkeys as of April 2024.
Safari - Uses native biometics e.g. TouchID for user verification.
Chrome - Note: TouchID based user verification is not currently supported.
Firefox - Whilst firefox supports the wider WebAuthn API, it doesn’t yet
support platform authenticators - i.e. the user will need to use a dedicated
authenticator like a YubiKey.
Safari - Uses native biometics e.g. TouchID/FaceID for user verification.
Chrome - Note: TouchID based user verification is not currently supported.
Note: Windows does not sync passkeys, instead they are stored locally.
Edge - Uses Windows Hello facial recognition or PIN.
Chrome - As above.
Firefox - Whilst firefox supports the wider WebAuthn API, it doesn’t yet
support platform authenticators - i.e. the user will need to use a dedicated
authenticator like a YubiKey.
Chrome - Fully supported, including biometrics & syncing.
Please see the caniuse page for version specific support.
Founder
Passkeys are tied to specific (https) websites. Browsers won't use a private key intended for one website to sign a challenge generated by a different site.
Roaming authenticators allow users to sign in to a website on one device, using a passkey stored on a different device.
Passkeys enable two factor authentication (including biometrics). Users can even use a biometric enabled device e.g. iPhone FaceID to authenticate against a device lacking this capability e.g. a desktop.