The Future of Authentication
Passkeys replace passwords with biometrics or device PINs. Try the WebAuthn flow below.
🌐 Browser Compatibility
Register a Passkey
This demo simulates the WebAuthn registration ceremony using your browser's built-in authenticator.
1
Enter Username
Choose a username to register with.
2
Create Credential
Your browser will prompt for biometric or device PIN verification.
3
Registration Complete
Credential stored securely on your device.
Authenticate with Passkey
Use your registered passkey to sign in. No password needed.
1
Select Passkey
Your browser shows available passkeys for this site.
2
Verify Identity
Confirm with biometric or device PIN.
3
Signed In
Assertion verified — you're authenticated.
Registered Credentials
Credentials stored in this demo session (LocalStorage).
No credentials registered yet.
How Passkeys Work
🔑 What is a Passkey?
A passkey is a FIDO2/WebAuthn credential stored on your device. It uses public-key cryptography instead of a shared secret (password).
📝 Registration Flow
- Server sends a challenge (random bytes)
- Browser calls
navigator.credentials.create() - Authenticator creates a key pair (private stays on device)
- Browser returns the public key + attestation to server
- Server stores the public key for future auth
🔐 Authentication Flow
- Server sends a new challenge
- Browser calls
navigator.credentials.get() - Authenticator signs the challenge with private key
- Browser returns the assertion (signature)
- Server verifies the signature with stored public key
🛡️ Why Passkeys?
- 🚫 No passwords to remember, leak, or phish
- 🔒 Phishing-resistant — bound to the origin
- ⚡ Faster — one tap instead of typing
- 🌐 Cross-device — synced via platform (iCloud, Google)