Cryptographic Foundations of Passkeys

Cryptographic foundations of passkeys How modern authentication really works

Introduction: Why Cryptography Matters for Passwordless Authentication

Among the most discussed and promising technologies in identity & authentication space are passkeys, a method that relies on asymmetric cryptography rather than traditional secrets such as passwords. To understand how passkeys achieve phishing resistance and make passwords redundant, one must understand their cryptographic foundations.

This article explores the core cryptographic principles behind passkeys, including public key cryptography, digital signatures, and the role of standards such as WebAuthn and FIDO2. It also outlines why passkeys deliver a higher assurance of real authentication and how they can support end-to-end encrypted services. We’ll cover key components such as encryption keys, FIDO security keys, credential attestation, and the cryptographic services embedded in authenticators.

What Is a Passkey from a Cryptographic Perspective?

At its core, a passkey is a cryptographic key pair — a public and private key — uniquely associated with a user account on a specific domain. The public key is stored by the service provider, and the private key stays secure on the user’s authenticator device.

When a user authenticates with a passkey, the service presents a random value challenge. The authenticator signs this challenge using the private key. The server then uses the public key stored during registration to verify the signature. This is the fundamental use of digital signatures in public key infrastructure (PKI): the user proves possession of a secret without exposing it.

Critically, no shared secrets are transmitted during authentication. Unlike passwords or OTPs, there’s no information for attackers to intercept or reuse.

Why Passwords Fail and Why Passkeys Work

Passwords are vulnerable because they are:

  • Reused across websites
  • Susceptible to phishing
  • Exposed in breaches
  • Stored on servers (hashed or otherwise)

Even the best multi-factor authentication (MFA) implementations that rely on passwords suffer from shared-secret weaknesses. Passkeys solve these problems through cryptographic separation and origin binding, a core component of WebAuthn.

With passkeys, each website generates its own unique key pair. Even if users register on multiple websites, their private key material is always isolated per origin, and phishing-resistant because authenticators validate the domain origin before signing.

How WebAuthn Makes Passkeys Phishing-Resistant

The WebAuthn specification is what transforms passkeys from basic cryptographic tools into a secure, phishing-resistant authentication framework. It introduces the following protections:

  • Origin binding: the browser provides the domain origin to the authenticator
  • Per-origin keys: each site receives a unique key pair
  • User presence check: most authenticators require touch, PIN, or biometric interaction
  • TLS enforcement: passkeys only operate over HTTPS

Because of these properties, a fake bank cannot trick a user into authenticating with a passkey for a legitimate bank. The authenticator verifies the request’s origin and refuses to sign if it doesn’t match.

Types of Authenticators and Their Cryptographic Role

Platform Authenticators

These live on the user’s primary device (e.g., iCloud Keychain, Windows Hello, Google Password Manager). They store private keys securely and use local biometric or PIN-based unlock methods.

  • Pros: Seamless user experience, backup support, device-level hardware security
  • Cons: Risk if the device is compromised

Roaming Authenticators (FIDO Security Keys)

These are physical devices like YubiKeys, Feitian, or Google Titan Keys.

  • Pros: Hardware-isolated, resistant to malware
  • Cons: No cloud backup, risk of physical loss

From a cryptographic standpoint, these authenticators generate and hold encryption keys, produce digital signatures, and never export the private key material. They can also attest their origin, enabling enterprises to verify that only authorized devices are used.

Attestation: Proving the Authenticity of the Authenticator

One of the lesser-known but critically important features of WebAuthn is attestation. Attestation allows an authenticator to prove its provenance — essentially confirming its make and model through a certificate chain signed by the manufacturer.

Why Attestation Matters:

  • Enterprises can enforce that only approved hardware (e.g., FIPS-certified devices) is used.
  • It helps differentiate between genuine authenticators and potential counterfeit or tampered ones.
  • Provides assurance that the private key generation and storage occurs within a secure boundary.

This is particularly important for organizations with compliance requirements or high-security environments. For example, allowing only FIDO2 Level 2-certified security keys for workforce authentication.

Important caveat:

  • Attestation is optional in the WebAuthn specification.
  • Many consumer devices do not support attestation or allow users to opt out of sending attestation data.

Credential Identifiers and the Risk of Collisions

Every passkey includes a credential ID, a unique identifier used to retrieve the correct public key during authentication.

These identifiers are supposed to be:

  • Randomly generated
  • Statistically unique
  • Non-sensitive (since they are often stored server-side)

What can go wrong:

  • A malicious authenticator might reuse credential IDs.
  • A flawed implementation might reduce randomness, increasing collision risk.
  • An attacker who intercepts the credential ID might attempt to register a duplicate.

Mitigation:

  • Relying parties (websites) must enforce uniqueness — rejecting any registration attempt with a duplicate credential ID.
  • Treat credential IDs like UUIDs: probabilistic uniqueness, not cryptographic secrecy.

This is a simple but essential integrity check in passkey management systems.

WebAuthn Extensions: Enhancing Cryptographic Capabilities

The WebAuthn API supports optional extensions that allow authenticators and browsers to perform additional cryptographic operations. These extensions are key to enabling new use cases like key derivation, encrypted data storage, and policy enforcement.

1. prf / hmac-secret

  • Allows using the authenticator as a pseudorandom function (PRF).
  • Based on HMAC-SHA-256 using a fixed key generated during credential registration.
  • Enables use cases like per-site key derivation or session key generation.

While limited compared to full key derivation frameworks like HKDF, this extension is still powerful for controlled cryptographic operations.

2. largeBlob

  • Lets websites store and retrieve opaque binary blobs during authentication.
  • Can be used for:
    • Storing end-to-end encryption keys
    • Certificates
    • Application-specific tokens

This turns passkeys into potential containers for secure data, not just for authentication.

Security Boundaries and Threat Model

Despite marketing language, passkeys are not immune to compromise. They drastically reduce the risk surface compared to passwords, but understanding their limitations is essential.

What Passkeys Protect Against:

  • Phishing attacks
  • Credential reuse
  • Credential stuffing
  • Server-side data breaches (no sensitive secrets stored on the server)

What Passkeys Do Not Prevent:

  • Malicious browsers tricking users via UI spoofing
  • Compromised authenticators leaking private keys
  • Malware-infected devices capturing local authentication events
  • Recovery attacks if passkeys are backed up improperly

Recommended Practices:

  • Use hardware authenticators in high-risk scenarios.
  • Educate users to verify request origins when approving authentications.
  • Implement strong recovery flows to mitigate lost device scenarios.

Key Recovery and Backup Strategies

Unlike passwords, passkeys are cryptographic secrets. Once lost, they cannot be reset or recovered unless explicitly backed up.

Recovery Options:

  • Platform authenticators: May sync passkeys via cloud (e.g., iCloud, Google Password Manager)
  • Roaming authenticators: Typically no backup — loss means irreversible credential loss
  • Enterprise strategies:
    • Require backup keys
    • Use platform-managed backup with access restrictions
    • Monitor authenticator attestation and key provenance

Security vs usability is always a trade-off. For maximum control, organizations should favor enterprise-issued security keys and enforce device policies via attestation.

Passkeys and End-to-End Encryption: A Promising Use Case

While passkeys are primarily designed for user authentication, their underlying cryptographic properties also make them viable tools in end-to-end encryption (E2EE) models. Because passkeys are based on public/private key pairs, they can theoretically be used to:

  • Derive session keys for encrypted communications
  • Sign or decrypt sensitive data within the user’s trusted environment
  • Secure cloud-stored documents with user-controlled keys

For example, using WebAuthn extensions such as prf, it’s possible to derive deterministic symmetric keys from passkeys, enabling E2EE in browser-based apps.

Example Use Case:

A messaging app could:

  1. Derive a symmetric key via prf during authentication.
  2. Use it to encrypt messages on the client-side.
  3. Transmit only encrypted payloads to the server.
  4. Prevent the server from accessing message content — true E2EE.

But there’s a caveat: real end-to-end encryption is difficult in the browser due to JavaScript being delivered by the server. A malicious server can inject compromised JS that exfiltrates keys or plaintext messages.

Mitigations:

  • Use subresource integrity (SRI) to cryptographically pin known-good scripts.
  • Implement binary transparency via public logs that track versions of served JS.
  • Prefer cross-device passkey authentication (e.g., smartphone with secure display) when using browser-based E2EE.

The Importance of Trusted UI and Secure Input Paths

A foundational principle in authentication is trusted user interaction. Passkeys rely on user verification steps — like touching a security key or scanning a fingerprint. However, the UI used to display what is being signed is just as important as the cryptography behind it.

Two kinds of authenticators:

  1. Authenticators with displays (e.g., YubiKey Bio, smartphones)
    • Can show the origin of the website requesting authentication
    • Give users a chance to spot phishing attempts
  2. Displayless authenticators (e.g., YubiKey 5)
    • Rely on the browser to display what the user is signing
    • Vulnerable if the browser is compromised (malware, rogue extensions)

Best practice:

  • For high-security applications, always prefer an authenticator that displays authentication context independently of the host system.
  • If not possible, use secure browser environments with endpoint protections.

✅ Keywords: real authentication, fido security key, cryptographic services

Enterprise Integration Strategies for Passkeys

For organizations moving toward passwordless authentication, passkeys offer a secure and scalable path — particularly when integrated with Secfense.

Key benefits of Secfense’s model:

  • No-code, agentless architecture – add MFA without changing applications
  • Works with Active Directory (AD) environments
  • Enables FIDO2-based authentication via any compatible authenticator
  • Supports multiple authentication factors, including passkeys, OTP, and biometrics
  • Supports mobile-bound passkeys – credentials are tied to company-managed smartphones, ensuring users authenticate with devices under enterprise control rather than syncing sensitive material to personal cloud accounts

Secfense acts as a User Access Security Broker (UASB), enabling:

  • Central policy enforcement across user groups, applications, and authentication contexts
  • Flexible authenticator support – including platform authenticators, roaming keys, and mobile-bound credentials
  • Integration with existing IAM infrastructure – no need to modify AD logic or application authentication flows

This architecture enables enterprise-scale passkey deployment while maintaining full control over device trust, identity assurance, and security policies all without disrupting existing systems.

Common Cryptographic Pitfalls in Passkey Implementations

Even strong cryptographic systems can be undermined by poor implementation choices. Here are common issues to avoid when working with passkeys:

1. Weak Credential ID Validation

  • Failing to enforce uniqueness opens doors to spoofing or overwriting valid passkeys.

2. Improper Origin Handling

  • Misconfigured applications might pass incorrect origins to the authenticator, weakening phishing resistance.

3. Insecure Recovery Flows

  • Backdoor recovery paths (e.g., email verification) can reintroduce phishing vectors.

4. Unsupported WebAuthn Extensions

  • Assuming browser or authenticator support without checking can break the authentication flow or expose data.

5. Silent Failures in Attestation

  • If your policy requires trusted devices, but attestation fails silently, users may register non-compliant authenticators.

The Role of Cryptographic Standards and Certification

Passkeys are backed by mature, standardized cryptographic protocols:

  • FIDO2: Based on public key cryptography and challenge-response authentication
  • WebAuthn: W3C standard that defines the interaction between browser, authenticator, and server
  • CTAP (Client to Authenticator Protocol): Defines communication between browser and authenticator
  • PKI: Used for attestation and validation of authenticators

Why standards matter:

  • Ensure interoperability between vendors
  • Allow third-party certification (e.g., FIDO L2 certification)
  • Enable formal audits and compliance reporting

Organizations should prioritize FIDO-certified authenticators and evaluate browser support to ensure a consistent authentication experience.

Summary: Why Cryptography Makes Passkeys the Future of Authentication

Passkeys fundamentally change how authentication works by eliminating shared secrets and replacing them with cryptographic guarantees. They rely on:

  • Public key cryptography to prove identity without transmitting secrets
  • Digital signatures to verify each authentication attempt
  • Origin binding to prevent phishing and credential reuse
  • Hardware-backed secure storage for private keys
  • Standards-based attestation to prove the authenticity of authenticators

With these mechanisms in place, passkeys offer real authentication resistant to phishing, resilient to server breaches, and independent of user-chosen credentials.

Developer and Security Team Recommendations

If you’re building or maintaining authentication systems, here’s how to implement passkeys securely:

✅ Use a compliant FIDO2 server

Choose a reliable component (like Secfense UASB) to handle authentication logic securely and with support for WebAuthn and CTAP standards.

✅ Support multiple authenticators

Enable both platform and roaming authenticators. Allow users to register more than one device and encourage backup registration.

✅ Enforce domain origin validation

Always validate the origin in the authentication request this is the core phishing defense.

✅ Validate attestation (if required)

For regulated environments, validate attestation certificates to ensure authenticators meet internal policy (e.g., FIPS-certified devices only).

✅ Secure recovery flows

Avoid fallback mechanisms that reintroduce shared secrets. Use recovery keys or trusted device policies instead.

Compliance Alignment: How Passkeys Support GDPR, NIS2, and DORA

Passkeys not only improve security but also support modern compliance frameworks:

🛡️ GDPR

  • No personally identifiable information (PII) stored in the authenticator
  • Users retain control over their credentials
  • Passkeys can be revoked without exposing sensitive data

🛡️ NIS2

  • Strong authentication required for essential and important entities
  • Passkeys provide high-assurance authentication resistant to phishing and interception

🛡️ DORA

  • Enhanced digital resilience for financial institutions
  • Passkeys reduce reliance on vulnerable MFA channels (e.g., SMS)
  • Compatible with secure audit trails and logging (e.g., ECS format for SIEM)

Secfense enables organizations to meet these standards without overhauling infrastructure, allowing gradual and compliant adoption of strong authentication.

Final Thoughts: The Cryptographic Future of Authentication

Passkeys are more than a usability improvement they represent a paradigm shift in authentication security. Their cryptographic foundation offers:

  • Real user authentication
  • Protection against phishing and password reuse
  • Secure recovery and hardware-backed credential storage
  • Alignment with enterprise security policies and compliance mandates

They are particularly effective when integrated with platforms like Secfense, which offer agentless, no-code integration into existing infrastructure without requiring changes to Active Directory or legacy systems.

Get in touch

Talk to a Secfense expert
Looking to implement passkeys in your organization with full control and compliance? Contact our team to schedule a consultation.

Watch the related webinar
Learn how BNP Paribas Bank rolled out passkeys at scale without changing your applications or infrastructure. Watch the full recording here.

Antoni takes care of all the marketing content that comes from Secfense. Read More

Featured Articles

Keep In Touch

Read More

Cryptographic Foundations of Passkeys

Introduction: Why Cryptography Matters for Passwordless Authentication Among the most discussed and promising technologies in identity & authentication space are passkeys, a method that relies…
Avatar of Antoni Sikora Antoni Sikora

READ TIME 8 MIN

How BNP Paribas bank implemented passkeys on a large scale in just 3 months

More and more financial institutions are looking for ways to increase authentication security while simplifying the login process. One of the most effective approaches is…
Avatar of Antoni Sikora Antoni Sikora

READ TIME < 1 MIN

How can enterprises prevent passkey sharing across devices?

As more organizations move toward passwordless authentication, many face a critical question: how can we prevent passkeys from being shared across personal or unmanaged devices?…
Avatar of Antoni Sikora Antoni Sikora

READ TIME 2 MIN

Testimonials

We are faced with new challenges every day. We must always be one step ahead of the attackers and know what they are going to do before they do it. We are convinced that the User Access Security Broker will bring security to a new level, both for those working at the office and from home. For us, working with Secfense is an opportunity to exchange experience with developers who put great value on out-of-the-box thinking.

Krzysztof Słotwiński

Business Continuity and Computer Security Officer

BNP Paribas Bank Poland

As part of the pre-implementation analysis, we verified that users utilize a wide range of client platforms: desktop computers, laptops, tablets, smartphones, and traditional mobile phones. Each of these devices differs in technological advancement, features, and level of security. Because of this, and also due to the recommendation of the Polish Financial Supervision Authority (UKNF), we decided to introduce additional protection in the form of multi-factor authentication mechanisms based on FIDO. As a result, users of our applications can log in safely, avoiding common cyber threats such as phishing, account takeover, and theft of their own and their clients’ data.

Marcin Bobruk

CEO

Sandis

We are excited to partner with Secfense to enhance our user access security for our web apps. By integrating their User Access Security Broker, we ensure seamless and secure protection for our applications and systems, delivering superior security and convenience to our customers.

Charm Abeywardana

IT & Infrastructure

Visium Networks

Before investing in Secfense, we had the opportunity to talk to its existing clients. Their reactions were unanimous: wow, it’s so easy to use. We were particularly impressed by the fact that implementing their solution does not require the involvement of IT developers. It gives Secfense a huge advantage over the competition, and at the same time opens the door to potential customers who so far were afraid of changes related to the implementation of multi-factor authentication solutions.

Mateusz Bodio

Managing Director

RKKVC

Even when the network and infrastructure are secured enough, social engineering and passwords can be used to gain control of the system by attackers. Multifactor authentication is the current trend. Secfense addresses this and allows you to build zero trust security and upgrade your current systems to passwordless applications within minutes, solving this problem right away,” said Eduard Kučera, Partner at Presto Ventures and cybersecurity expert – former Director in hugely successful Czech multinational cyber security firm Avast.

Eduard Kučera

Partner

Presto Ventures

One of the biggest challenges the world is facing today is securing our identity online. That’s why we were so keen to have Secfense in our portfolio. They make it possible to introduce strong authentication in an automated way. Until now, organizations had to selectively protect applications because the deployment of new technology was very hard, or even impossible. With Secfense, the implementation of multi-factor authentication is no longer a problem, and all organizations can use the highest standards of authentication security.

Stanislav Ivanov

Founding Partner

Tera Ventures