# Passkeys

Just looking into passkeys to figure out whether I should be using them.

> A passkey is **a way to log in to apps and websites** **without using a username and password combination**. It's **a pair of cryptography keys** **generated by your device**. **A public key and a private key combine to create a passkey** **that unlocks your account**. **Apps or websites store your unique public key**. **Your private key is only stored on your device**, and **after your device authenticates your identity, the two keys combine to grant you access to your account**.
> 
> – [Passkeys: What They Are and Why You Need Them ASAP](https://uk.pcmag.com/password-managers/145064/passwordless-authentication-what-it-is-and-why-you-need-it-asap)

Summary of the above:

<summary><ul class="org-ul">
<li>a way to log in to apps and websites</li>
<li>without using a username and password combination</li>
<li>a pair of cryptography keys</li>
<li>generated by your device</li>
<li>A public key and a private key combine to create a passkey</li>
<li>that unlocks your account</li>
<li>Apps or websites store your unique public key</li>
<li>Your private key is only stored on your device</li>
<li>after your device authenticates your identity, the two keys combine to grant you access to your account</li>
</ul></summary>

OK, so it's device-based.   At first blush it sounds quite similar to SSH keys.

But - I believe you can use your password manager as a proxy for your device.

[[Does keepassxc work with passkeys?]] &lt;- yep, looks like it, as of March 2024, that's good timing.

I'm intrigued as to who is behind passkeys.  Always worth checking who is pushing it and why.

A big proponent seems to be the FIDO Alliance.