Passkeys are built on the FIDO2 standard (CTAP2 + WebAuthn standards). They remove the shared secret, stop phishing at the source, and make credential-stuffing useless.

But adoption is still low, and interoperability between Apple, Google, and Microsoft isn’t seamless.

I broke down how passkeys work, their strengths, and what’s still missing.

  • asmoranomar@lemmy.world
    3 hours ago

    No. It’s a completely different process. It’s a bad name for what it actually does. (Unless you’re talking about how computers do things, then EVERYTHING is numbers)

    Look up public/private key pair encryption. It’s the process that has changed.

    The problem with all these “what are passkeys” guides is that it’s difficult to convey the differences between passwords and passkeys if you don’t have a deep understanding of encryption or authentication systems.