Upgrade to Pro — share decks privately, control downloads, hide ads and more …

What the fuck are passkeys and why are they eve...

Avatar for Daniel Lew Daniel Lew
May 02, 2026
Technology
8
1

What the fuck are passkeys and why are they everywhere now?

It seems like every time you login to a website nowadays, it asks you to create a passkey. If you’re like me, you initially assumed this was some sort of scam. But now that it’s everywhere, you’re beginning to wonder what it’s all about and why every website is pushing it constantly.

This talk will cover the basics of what a passkey is, how they came to be, and what you should do about them now that they’re here.

Avatar for Daniel Lew

Daniel Lew

May 02, 2026

More Decks by Daniel Lew

See All by Daniel Lew
How to Use Computers (Privately!)
Avatar for Daniel Lew dlew
0
85
Finding Meaningful, Mission-Driven Work
Avatar for Daniel Lew dlew
0
180
Things Maybe You Don't Know as a Newer Developer
Avatar for Daniel Lew dlew
1
140
Maintaining Software Correctness
Avatar for Daniel Lew dlew
4
1.1k
Grokking Coroutines (MinneBar)
Avatar for Daniel Lew dlew
5
680
ClimateChangeTech.pdf
Avatar for Daniel Lew dlew
0
160
What Tech Can Do About Climate Change
Avatar for Daniel Lew dlew
0
660
Grokking Coroutines
Avatar for Daniel Lew dlew
5
1.4k
Automated Tests Aren't Enough
Avatar for Daniel Lew dlew
0
550

Other Decks in Technology

See All in Technology
AWS Transform CustomでIaCコードを自由自在に変換しよう
Avatar for k-kun duelist2020jp
0
150
Arcana: Production-Ready RAG in Elixir @ ElixirConf EU 2026
Avatar for georgeguimaraes georgeguimaraes
0
110
AI時代のガードレールとしてのAPIガバナンス
Avatar for 草薙昭彦 nagix
0
310
クラウドネイティブな開発 ~ 認知負荷に立ち向かうためのコンテナ活用
Avatar for Masatoshi Hayashi literalice
0
150
小説執筆のハーネスエンジニアリング
Avatar for osushi_cr yoshitetsu
0
780
Revisiting [CLS] and Patch Token Interaction in Vision Transformers
Avatar for yu4u yu4u
0
400
20260428_Product Management Summit_Loglass_JoeHirose
Avatar for 広瀬丈 loglassjoe
3
3.8k
コードや知識を組み込む / Incorporate Code and Knowledge
Avatar for Kenji Saito ks91
PRO
0
170
ネットワーク運用を楽にするAWS DevOps Agent活用法!! / 20260421 Masaki Okuda
Avatar for SHIFT EVOLVE shift_evolve
PRO
2
230
エージェントスキルを作って自分のインプットに役立てよう
Avatar for Yuta Matsumura tsubakimoto_s
0
440
Agents CLI と Gemini Enterprise Agent Platform で マルチエージェント開発が楽しくなる!
Avatar for Kaz kaz1437
0
150
AI: Making Admin and Users, Lives Better
Avatar for Keith Brooks kbmsg
0
110

Featured

See All Featured
Understanding Cognitive Biases in Performance Measurement
Avatar for Philip Tellis bluesmoon
32
2.9k
[SF Ruby Conf 2025] Rails X
Avatar for Vladimir Dementyev palkan
2
970
Site-Speed That Sticks
Avatar for Harry Roberts csswizardry
13
1.2k
Information Architects: The Missing Link in Design Systems
Avatar for Michelle Chin soysaucechin
0
890
State of Search Keynote: SEO is Dead Long Live SEO
Avatar for Ryan Jones ryanjones
0
180
The #1 spot is gone: here's how to win anyway
Avatar for Tamara Novitovic tamaranovitovic
2
1k
How to Grow Your eCommerce with AI & Automation
Avatar for Katarina Dahlin katarinadahlin
PRO
1
170
brightonSEO & MeasureFest 2025 - Christian Goodrich - Winning strategies for Black Friday CRO & PPC
Avatar for Christian Goodrich cargoodrich
3
680
Practical Orchestrator
Avatar for Shlomi Noach shlominoach
191
11k
Building Adaptive Systems
Avatar for Chris Keathley keathley
44
3k
Introduction to Domain-Driven Design and Collaborative software design
Avatar for Kenny Baas-Schwegler baasie
1
740
Large-scale JavaScript Application Architecture
Avatar for Addy Osmani addyosmani
515
110k

Transcript

  1. What the fuck are passkeys and why are they everywhere

    now https://www. fl ickr.com/photos/xrrr/3892883749 Dan Lew @ Minnebar20
  2. None
  3. None

  4. 🤷

  5. None
  6. None
  7. None

  8. it’s authentication

  9. None
  10. None

  11. Password Woes

  12. Password Woes 🔓 Weak passwords

  13. Password Woes ♻ Password reuse 🔓 Weak passwords

  14. Password Woes ♻ Password reuse Data breaches 🚨 🔓 Weak

    passwords

  15. Password Woes ♻ Password reuse 🎣 Phishing Data breaches 🚨

    🔓 Weak passwords

  16. W3C + FIDO

  17. None

  18. Proposal 2013

  19. Proposal 2013 2019 Level 1 Standard

  20. Proposal 2013 2019 Level 1 Standard Level 2 Standard 2021

  21. Proposal 2013 Apple Passkeys 2022 2019 Level 1 Standard Level

    2 Standard 2021

  22. Proposal 2013 2026? Level 3 Standard Apple Passkeys 2022 2019

    Level 1 Standard Level 2 Standard 2021

  23. Passkey

  24. Passkey WebAuthn
 Credential

  25. Passkey WebAuthn
 Credential 🔑 🚫 Passwordless

  26. Passkey WebAuthn
 Credential 🔑 🚫 Passwordless 👤 🚫 Usernameless

  27. None
  28. None
  29. None
  30. None
  31. None
  32. None

  33. Neo 🧑 Trinity 👩

  34. Neo 🧑 Trinity 👩 Trinity, help!

  35. Neo 🧑 Trinity 👩 Trinity, help! Trinity, help!

  36. Neo 🧑 Trinity 👩 Cypher 👨🦲 Trinity, help!

  37. Neo 🧑 Trinity 👩 Cypher 👨🦲 Trinity, help! No problems

    here!

  38. Neo 🧑 Trinity 👩 Cypher 👨🦲 Trinity, help! No problems

    here! No problems here!

  39. Neo 🧑 Trinity 👩

  40. Neo 🧑 Trinity 👩 Neo’s private key

  41. Neo 🧑 Trinity 👩 Neo’s private key Neo’s public key

  42. Neo 🧑 Trinity 👩 Neo’s private key Neo’s public key

  43. Neo 🧑 Trinity 👩 Neo’s private key Neo’s public key

  44. Neo 🧑 Trinity 👩 Neo’s private key Trinity, help! Neo’s

    public key

  45. Neo 🧑 Trinity 👩 Neo’s private key Trinity, help! Neo’s

    public key Sign

  46. Neo 🧑 Trinity 👩 Neo’s private key Trinity, help! Trinity,

    Help! BE459576 786039E8 Neo’s public key Sign

  47. Neo 🧑 Trinity 👩 Neo’s private key Trinity, help! Trinity,

    Help! BE459576 786039E8 Neo’s public key Verify Sign

  48. Neo 🧑 Trinity 👩 Neo’s private key Trinity, help! Trinity,

    Help! BE459576 786039E8 Trinity, help! Neo’s public key Verify Sign

  49. Trinity 👩 Trinity, help! Trinity, Help! BE459576 786039E8 Trinity, help!

    Verify Sign You 🫵 Your private key Your public key

  50. Trinity, help! Trinity, Help! BE459576 786039E8 Trinity, help! Verify Sign

    You 🫵 Your private key Your public key Server 🌐

  51. Verify Sign You 🫵 Your private key Your public key

    Server 🌐 It’s me! It’s me! BE459576 786039E8 It’s me!
  52. None

  53. ♻ Password reuse 🎣 Phishing Data breaches 🚨 🔓 Weak

    passwords

  54. ♻ Password reuse 🎣 Phishing Data breaches 🚨 🔓 Weak

    passwords 🔐 Strong passkeys

  55. ♻ Password reuse 🔓 Weak passwords 🔐 Strong passkeys ❄

    Unique passkeys Data breaches 🚨 🎣 Phishing

  56. ♻ Password reuse Data breaches 🚨 🔓 Weak passwords 🔐

    Strong passkeys ❄ Unique passkeys 🥱 Breach safe 🎣 Phishing

  57. ♻ Password reuse 🎣 Phishing Data breaches 🚨 🔓 Weak

    passwords 🔐 Strong passkeys ❄ Unique passkeys 🥱 Breach safe 🪝 Domain locked

  58. 🫆 All you need

  59. 🔑 🚫 Passwordless 🫆 All you need

  60. 🔑 🚫 Passwordless 👤 🚫 Usernameless 🫆 All you need

  61. 🔑 🚫 Passwordless 👤 🚫 Usernameless 💬 🚫 2FA-less 🫆

    All you need

  62. Something you know 💭

  63. Something you know 💭 Something you have 🎁

  64. Something you are 🫆 Something you know 💭 Something you

    have 🎁

  65. Something you are 🫆 Something you know 💭 Something you

    have 🎁 Password

  66. Something you are 🫆 Something you know 💭 Something you

    have 🎁 Password SMS Fingerprint

  67. Something you are 🫆 Something you know 💭 Something you

    have 🎁

  68. Something you are 🫆 Something you know 💭 Something you

    have 🎁 Passkey

  69. Something you are 🫆 Something you know 💭 Something you

    have 🎁 Passkey PIN Fingerprint
  70. None
  71. None

  72. Problem #1 Passkeys are confusing

  73. None

  74. Trivia Time! True or false…

  75. Trivia Time! True or false… • Your biometrics are sent

    to servers during passkey authentication

  76. Trivia Time! True or false… • Your biometrics are sent

    to servers during passkey authentication FALSE

  77. Trivia Time! True or false… • Your biometrics are sent

    to servers during passkey authentication • Passkeys are 2FA (like SMS or TOTP) FALSE

  78. Trivia Time! True or false… • Your biometrics are sent

    to servers during passkey authentication • Passkeys are 2FA (like SMS or TOTP) FALSE FALSE

  79. Trivia Time! True or false… • Your biometrics are sent

    to servers during passkey authentication • Passkeys are 2FA (like SMS or TOTP) • You can use an iOS passkey on an Android phone or vice versa FALSE FALSE

  80. Trivia Time! True or false… • Your biometrics are sent

    to servers during passkey authentication • Passkeys are 2FA (like SMS or TOTP) • You can use an iOS passkey on an Android phone or vice versa FALSE FALSE TRUE

  81. Trivia Time! True or false… • Your biometrics are sent

    to servers during passkey authentication • Passkeys are 2FA (like SMS or TOTP) • You can use an iOS passkey on an Android phone or vice versa • Losing your phone means losing access to passkey accounts FALSE FALSE TRUE

  82. Trivia Time! True or false… • Your biometrics are sent

    to servers during passkey authentication • Passkeys are 2FA (like SMS or TOTP) • You can use an iOS passkey on an Android phone or vice versa • Losing your phone means losing access to passkey accounts FALSE FALSE TRUE FALSE

  83. Trivia Time! True or false… • Your biometrics are sent

    to servers during passkey authentication • Passkeys are 2FA (like SMS or TOTP) • You can use an iOS passkey on an Android phone or vice versa • Losing your phone means losing access to passkey accounts • You need the device that created the passkey to use it FALSE FALSE TRUE FALSE

  84. Trivia Time! True or false… • Your biometrics are sent

    to servers during passkey authentication • Passkeys are 2FA (like SMS or TOTP) • You can use an iOS passkey on an Android phone or vice versa • Losing your phone means losing access to passkey accounts • You need the device that created the passkey to use it FALSE FALSE TRUE FALSE IT DEPENDS

  85. Trivia Time! True or false… • Your biometrics are sent

    to servers during passkey authentication • Passkeys are 2FA (like SMS or TOTP) • You can use an iOS passkey on an Android phone or vice versa • Losing your phone means losing access to passkey accounts • You need the device that created the passkey to use it • You’re locked into a vendor’s credential manager (Apple, Google, etc.) FALSE FALSE TRUE FALSE IT DEPENDS

  86. Trivia Time! True or false… • Your biometrics are sent

    to servers during passkey authentication • Passkeys are 2FA (like SMS or TOTP) • You can use an iOS passkey on an Android phone or vice versa • Losing your phone means losing access to passkey accounts • You need the device that created the passkey to use it • You’re locked into a vendor’s credential manager (Apple, Google, etc.) FALSE FALSE TRUE FALSE IT DEPENDS FALSE

  87. Sources of Confusion

  88. Sources of Confusion Complex 🤯

  89. Sources of Confusion Inconsistent 🎭 Complex 🤯

  90. Human password demo

  91. Human passkey demo

  92. Passkeys != fancy passwords

  93. Inconsistencies

  94. Inconsistencies

  95. Inconsistencies

  96. Inconsistencies

  97. Inconsistencies

  98. Vendor Fight

  99. Vendor Fight

  100. Vendor Fight

  101. Vendor Fight

  102. “Usernameless”?

  103. “Passwordless”?

  104. Inconsistencies

  105. Inconsistencies Website or
 app 📱

  106. Inconsistencies Website or
 app 📱 Operating
 system ⚙

  107. Inconsistencies Website or
 app 📱 Operating
 system ⚙ Browser 🌎

  108. Inconsistencies Website or
 app 📱 Operating
 system ⚙ Browser 🌎

    Credential
 manager 🗄

  109. Inconsistencies Website or
 app 📱 Operating
 system ⚙ Browser 🌎

    Credential
 manager 🗄 Personal vs.
 work account 🏢

  110. Inconsistencies Website or
 app 📱 Operating
 system ⚙ Browser 🌎

    Credential
 manager 🗄 Personal vs.
 work account 🏢 Software vs.
 hardware authenticator 🗝
  111. None

  112. Passwords are simple

  113. Passwords are simple Passkeys are confusing

  114. Mike Pound, Computerphile “People are not famously that interested in

    taking in things they don't understand”

  115. Problem #2 Passkey technical issues

  116. None
  117. None
  118. None
  119. None

  120. Horror Stories

  121. Horror Stories One passkey
 at a time ☝

  122. Horror Stories One passkey
 at a time ☝ One passkey


    *ever* 🖕

  123. Horror Stories One passkey
 at a time ☝ One passkey


    *ever* 🖕 Links passkey
 to cookie 🍪

  124. Horror Stories One passkey
 at a time ☝ One passkey


    *ever* 🖕 Links passkey
 to cookie 🍪 Can’t initiate
 passkey fl ow 🛑

  125. Horror Stories One passkey
 at a time ☝ One passkey


    *ever* 🖕 Links passkey
 to cookie 🍪 Can’t initiate
 passkey fl ow 🛑 Can’t fi nd
 passkey ❓

  126. Horror Stories One passkey
 at a time ☝ One passkey


    *ever* 🖕 Links passkey
 to cookie 🍪 Can’t initiate
 passkey fl ow 🛑 Can’t fi nd
 passkey ❓ Just plain
 broken! ☹
  127. None

  128. Credential Manager Failures

  129. Credential Manager Failures Passkey
 wipeouts

  130. Credential Manager Failures Passkey
 wipeouts Device passkeys
 stop working

  131. Problem #3 Passwords are still here

  132. None
  133. None
  134. None
  135. None
  136. None

  137. ♻ Password reuse 🎣 Phishing Data breaches 🚨 🔓 Weak

    passwords 🔐 Strong passkeys ❄ Unique passkeys 🥱 Breach safe 🪝 Domain locked

  138. ♻ Password reuse 🎣 Phishing Data breaches 🚨 🔓 Weak

    passwords

  139. Passwords

  140. Passwords Passwords Passkeys +

  141. Passwords Passwords Passkeys + Passkeys

  142. None

  143. Passkey hopes & dreams…

  144. Passkey hopes & dreams… 🤝 Understood
 and trusted

  145. Passkey hopes & dreams… 🤝 Understood
 and trusted ⚖ Stable

    and
 consistent

  146. Passkey hopes & dreams… 🤝 Understood
 and trusted ⚖ Stable

    and
 consistent 💎 Rough edges
 polished
  147. None

  148. Thanks! danlew.net More info & slides