It is the next evolution in internet account security.

– We started with passwords – a secret word that only you know. You give that word to the website and they give you access to your account. The issue here was obvious – **anyone** who knew the word could get access

– We then moved to SMS-based MFA (multifactor authentication). After you put in your password, a code would get texted to you to verify you were you. Better than just passwords, but not great – if someone could get access to your phone number (by stealing your SIM card or getting the number ported to a new phone) then they could get your codes.

– We then moved to app-based MFA. You’d install a special app that would generate codes for you. When you registered that app with a website, you’d need the code from that app to get access. Much better than anything before it, but not been adopted by all that many people.

– Now, we have passkeys. Your phone will register with the website and you’ll get those special codes on your phone, just like app-based MFA, but _without having to install a special app_. Hopefully, this will drive adoption much higher.