> ## Documentation Index
> Fetch the complete documentation index at: https://docs.turnkey.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Introduction to Passkeys

> Passkeys are born out of a new standard being pushed by major industry players: Apple and Google.

Google has a great high-level introduction to passkeys at [https://developers.google.com/identity/passkeys](https://developers.google.com/identity/passkeys), and Apple has its own version here: [https://developer.apple.com/passkeys](https://developer.apple.com/passkeys)

## TLDR: what are passkeys?

From a technical point of view, passkeys are cryptographic key pairs created on end-user devices. Apple and Google have done a great job making these key pairs usable:

* Key generation happens in secure end-user hardware.
* Using passkeys is easy thanks to native browser UIs and cross-device syncing.
* Passkey recovery for users is supported natively by Apple via iCloud Keychain and Google via the Google Password Manager.

Passkeys come with big security upgrades compared to traditional passwords:

* Access to passkeys is gated with OS-level biometrics: faceID, touchID, lock screen patterns, and so on.
* Passkeys are bound to the web domain that creates them. This is important to thwart phishing attacks, where an attacker hosts a similar-looking website to steal user credentials. This is doable with passwords; impossible with passkeys.
* Because passkeys rely on public key cryptography, passkeys have two components: a public key and a private key. Private keys are never disclosed to websites or apps, making them a lot harder to steal. Only public keys are sent. To authenticate, passkeys sign messages (with their private keys) and provide signatures as proofs, similar to crypto wallets.

## Isn't this similar to WebAuthn?

If you know about Webauthn, congratulations: a lot of this will feel familiar. Passkeys rely on the [same web standard](https://www.w3.org/TR/webauthn-2/) and the same browser APIs: `navigator.credentials.create` and `navigator.credentials.get`.

The difference? Passkeys are resident credentials and they can be synced between devices. As a result, they are **not** device-bound and can be used from any device.

## How do cross-device syncing and recovery work?

Synchronization and recovery are both supported natively by Apple and Google:

* With Apple, Passkeys created on one device are synced through [iCloud Keychain](https://support.apple.com/en-us/HT204085) as long as the user is logged in with their Apple ID. Apple covers both syncing and recovery in ["About the security of passkeys"](https://support.apple.com/en-us/102195). For some additional detail, see [this Q\&A with the passkey team](https://developer.apple.com/news/?id=21mnmxow). Apple's account recovery process is documented in [this support page](https://support.apple.com/en-us/HT204921).
* With Google, [Google Password Manager](https://passwords.google/) syncs passkeys across devices seamlessly. Google has plans to support syncing more broadly across different operating systems, see [this support summary](https://developers.google.com/identity/passkeys/supported-environments#chrome-passkey-support-summary). Recovery is covered in [this FAQ ("What happens if a user loses their device?")](https://developers.google.com/identity/passkeys/faq#what_happens_if_a_user_loses_their_device): it relies on Google's overall [account recovery process](https://support.google.com/accounts/answer/7682439?hl=en) because passkeys are attached to Google accounts.

## OS and browser support

Modern browsers have great support for passkeys. See [caniuse](https://caniuse.com/passkeys) for detailed information.

Support also varies by operating system: [this matrix](https://passkeys.dev/device-support/#matrix) has detailed information about OS-level support.

## Betting on WebAuthn and Passkeys

We believe **it's time to move away from passwords** so we've built Turnkey without them. When you authenticate to Turnkey you'll be prompted to create a new passkey:

<CardGroup>
  <Frame>
    <img src="https://mintcdn.com/turnkey-0e7c1f5b/5sbBAG4Yfd-9P7Ds/images/passkeys/img/passkeys/turnkey_authenticator_selection.png?fit=max&auto=format&n=5sbBAG4Yfd-9P7Ds&q=85&s=efd2bf061003da2a0cf9bc317a4eb8a9" alt="Authenticator selection on Turnkey" width="1312" height="1032" data-path="images/passkeys/img/passkeys/turnkey_authenticator_selection.png" />
  </Frame>

  <Frame>
    <img src="https://mintcdn.com/turnkey-0e7c1f5b/5sbBAG4Yfd-9P7Ds/images/passkeys/img/passkeys/turnkey_passkey_prompt.png?fit=max&auto=format&n=5sbBAG4Yfd-9P7Ds&q=85&s=c2e7dfe62206e95e02af8aea2e51f11a" alt="Passkey prompt on Turnkey" width="896" height="670" data-path="images/passkeys/img/passkeys/turnkey_passkey_prompt.png" />
  </Frame>
</CardGroup>

Authentication to Turnkey requires a passkey signature. No password needed!

Next up, learn about how you can integrate passkeys into your app, [here](/authentication/passkeys/integration).