Written by Pete McPherson

Updated: May 4, 2025

Passkeys, explained.

Passwords are terrible...and 2-factor auth is somehow WORSE.

If you've ever seen a website offer to let you use a "passkey" to log in instead of a password...and wondered, "the heck..."

This is for you.

STICKY NOTE - Passkeys 👇

Here's a link to the hi-res Sticky Note image


What exactly is a passkey?

  • 🔑 Passkeys are a new, safer way to log in to websites and apps.

  • 🚫 You don't need a password...OR 2FA

  • 💻 Your DEVICE logs you in. It holds a "private key" (super random string of numbers, letters, etc) that stays local, while a matching "public key" is stored on the website.

  • â˜šī¸ Still, few companies support passkeys boooooooo

How they work:

1 - The Setup

"I HATE PASSWORDS & STUPID 2FA TEXT MESSAGES," you say.

"I got you, fam. Here's a passkey."

You enable passkeys.

A "private key" is stored on your local device, and the website keeps a "public key."

Private key 👉 Never leaves your device, where it's protected by Face ID, fingerprint, a PIN, etc.

2 - The Request

"I WANNA LOG IN,"

"PROVE YOU'RE YOU,"

The website server sends a "challenge" to your device.

3 - The Authentication

"CHALLENGE ACCEPTED."

...but then it whispers to you...

"psst! hey! Can you gimme Face ID really quick? Just need to make sure it's actually you--and not somebody that stole your laptop--like your 7yr-old..."

You unlock with Face ID.

Your device uses the private key to "sign" the challenge--and sends the signed challenge back to the server.

"BOOMSHAKALAKA,"

4 - The Magic

"Welcome back, King. Never doubted you for a moment,"

"until next time..."

The server checks your signature with the public key it saved during setup, so it verifies you without ever seeing your private key.

Done.
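
Here are the four steps above as runnable Node.js. This is an added example, not code from the original post and not the real WebAuthn API. The `Server` class, the function names and the sample origins are made up for illustration, and signing the challenge together with the site's origin is a simplification of what real passkeys do.

```javascript
// Added example: simplified model of the passkey flow, not the real WebAuthn API.
const crypto = require('crypto');

// 1 - The Setup: the device makes a key pair; only the public key goes to the website.
function createPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return { device: { privateKey }, registeredPublicKey: publicKey };
}

// Hypothetical server: holds the public key and the challenges it has handed out.
class Server {
  constructor(origin, publicKey) {
    Object.assign(this, { origin, publicKey, pending: new Set() });
  }
  // 2 - The Request: a fresh random challenge for every login attempt.
  newChallenge() {
    const challenge = crypto.randomBytes(32).toString('hex');
    this.pending.add(challenge);
    return challenge;
  }
  // 4 - The Magic: check the signature using only the stored public key.
  verify({ challenge, origin, signature }) {
    if (!this.pending.delete(challenge)) return false; // unknown or already-used challenge
    if (origin !== this.origin) return false;          // signed for a different site
    const signed = Buffer.from(JSON.stringify({ challenge, origin }));
    return crypto.verify('sha256', signed, this.publicKey, signature);
  }
}

// 3 - The Authentication: after Face ID / PIN, the device signs the challenge
// together with the origin of the site it is actually talking to.
function signChallenge(device, challenge, origin) {
  const signed = Buffer.from(JSON.stringify({ challenge, origin }));
  return { challenge, origin, signature: crypto.sign('sha256', signed, device.privateKey) };
}

function demo() {
  const site = 'https://example.test'; // constructed sample origin
  const { device, registeredPublicKey } = createPasskey();
  const server = new Server(site, registeredPublicKey);
  const response = signChallenge(device, server.newChallenge(), site);
  const login = server.verify(response);  // valid signature over a fresh challenge
  const replay = server.verify(response); // same response sent a second time
  const phished = server.verify(signChallenge(device, server.newChallenge(), 'https://examp1e.test'));
  const stranger = server.verify(signChallenge(createPasskey().device, server.newChallenge(), site));
  return { login, replay, phished, stranger };
}
console.log(demo());
```

Only the first login succeeds: the replayed response, the one signed on a look-alike site, and the one signed with a different device's key are all rejected.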

⚾ A CURVEBALL - Password Managers

Some password managers store private keys.

You'll still AUTHENTICATE on your DEVICE (Face ID, PIN, etc)--but your private key is available across all devices with the password manager.

NOTE: LastPass does NOT support passkeys yet, because they're lame.

Use Bitwarden (what I recommend), Dashlane, or 1Password.

Why are passkeys better?

  • Easier: No need to remember complex passwords, and you don't need 2FA(!)

  • Safer: Phishing & hacking resistant. Can't steal em. Secured by your local device!

  • Faster: Logging in is EZ-PZ.

One downside...

Only a handful of apps and websites support them, and switching to passkeys can be a bit tricky.

Which websites have passkey support?

Here's a handy-dandy resource that lists them all!

https://passkeys.directory/

Big ones include...

  • Amazon

  • Apple

  • Bitwarden

  • Coinbase

  • Discord

  • eBay

  • GitHub

  • Google

  • Link

  • LinkedIn

  • Microsoft / Live

  • OnlyFans (lol)

  • PayPal

  • Robinhood

  • Shop

  • Snapchat

  • Stripe

  • TikTok

  • Twitter

  • Uber

  • WhatsApp

  • Yahoo


So there it is, folks!

Hope you learned something today ;)

Love you, and thanks for sticking around on my email list.
