What is the Passkey login option?

General questions about authentication for electronic signatures

Passkey is a simple and secure way to log in and authenticate. With a passkey, you verify yourself on your device via fingerprint, face scan or device PIN and no longer have to enter your login (consisting of user name and password). Which of these options is available depends on your device.

Your biometric data used for Passkey remains stored locally on the respective device and is not transmitted. Neither Swisscom nor other providers have access to these keys. This makes Passkeys much more secure than passwords. For detailed information on using Passkey with your operating system, please visit the Apple or Google websites.

How does logging in with a passkey work?

Brief explanation: If the user wants to log in to an online service, their device suggests the stored passkey for authentication. To confirm the login request, they then simply have to unlock their linked device, for example using a fingerprint sensor or facial recognition. This proves that they have access to the passkey used.

Passkeys: faster, simpler and more secure

Passkeys are considered a simpler and more secure login method than passwords. But why is that? Logging in with a passkey is easier and more convenient for users, as there is no need for an additional second factor. Instead, they can authenticate themselves using a fingerprint sensor, facial recognition or PIN. This means that the private key is the first factor and the fingerprint, for example, is the second. In addition, passkeys are standardised. This means that they have to be set up once and can then be used on all devices.

Passkeys are also the better alternative in terms of security: instead of a password, only a public key is stored on the server. This makes it much less interesting for attackers to hack into such servers in the first place. In addition, passkeys only work for registered websites and apps. The browser or operating system performs the check and thus protects users from phishing attacks.

How exactly do passkeys work?

Passkeys are based on the principle of asymmetric cryptography, which uses a key pair consisting of a private key and a public key. The private key is stored on your mobile phone. You can visualise it as a long, randomly generated string of characters. Unlike a password, it is never shared with the linked online service.

If you now want to log in to an online service, a login request is sent to your device. Your device signs the request with your private key and sends the signed request back to the online service for verification. Access to the private key is secured by means of a fingerprint, for example. The server then uses the public key to check whether the correct private key has been used and, if so, confirms the login request.
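The login flow described above, as an added example that is not Swisscom's code and not the real WebAuthn message format: a simplified model in which the device signs the visited site name together with a one-time login request. The site names, object fields and function names are assumptions made for illustration.

```javascript
// Added example: simplified model of a passkey login (assumed names, constructed data).
const nodeCrypto = require('node:crypto');

// Registration: the device creates a key pair for one site; only the public key leaves it.
function registerPasskey(device, server) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  device.passkeys.set(server.site, privateKey); // private key stays on the device
  server.publicKey = publicKey;                 // the only secret-free value the server stores
}

// Server: issues a fresh random login request for every login attempt.
function newChallenge(server) {
  server.pending = nodeCrypto.randomBytes(32).toString('hex');
  return server.pending;
}

// Device: signs only if a passkey is registered for the site actually being visited
// and the user has unlocked the device (fingerprint, face scan or PIN).
function signLogin(device, visitedSite, challenge, userUnlocked) {
  const privateKey = device.passkeys.get(visitedSite);
  if (!privateKey || !userUnlocked) return null;
  const message = Buffer.from(`${visitedSite}|${challenge}`);
  return nodeCrypto.sign('sha256', message, privateKey).toString('base64');
}

// Server: verifies the signature with the stored public key; a request is valid once.
function verifyLogin(server, signature) {
  const challenge = server.pending;
  server.pending = null;
  if (!challenge || !signature) return false;
  const message = Buffer.from(`${server.site}|${challenge}`);
  return nodeCrypto.verify('sha256', message, server.publicKey, Buffer.from(signature, 'base64'));
}

// Constructed scenario with placeholder site names.
function demo() {
  const device = { passkeys: new Map() };
  const server = { site: 'login.example', publicKey: null, pending: null };
  registerPasskey(device, server);

  const good = signLogin(device, 'login.example', newChallenge(server), true);
  const loginOk = verifyLogin(server, good);
  newChallenge(server);                        // new login request, old signature presented
  const replayOk = verifyLogin(server, good);
  const lookAlike = signLogin(device, 'login-example.test', newChallenge(server), true);
  const locked = signLogin(device, 'login.example', newChallenge(server), false);
  return { loginOk, replayOk, lookAlike, locked };
}
```

In this model only the first attempt succeeds: an old signature does not match a new login request, the device has no passkey for the look-alike site, and nothing is signed while the device is locked.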
