The idea is that you register a specific physical device (like your phone) with a website. When you try to log into that site, the website pings your phone to ask if you can log in. Your phone then has whatever security it has to validate you are **you** – and if you are, passes along a signal to let you log in.
The hope is that they will replace other forms of authentication – like passwords and SMS codes – because they are far easier and more secure. A **big** part of cybersecurity is developing a system that users will actually _use_, and passkeys may be simple enough to be that system.
Latest Answers