Passkeys are a secure, passwordless authentication method modeled on the FIDO2 (WebAuthn and CTAP) standards. They have several advantages over traditional identifier/password authentication:
  • Passkeys let users authenticate with biometrics or device-bound credentials (like a fingerprint, PIN, or pattern), so login is faster and doesn’t require remembering a password.
  • Passkeys synchronize credentials across devices so users don’t need to re-enroll on each new device.
  • Passkeys are resistant to phishing because they use public key cryptography, so there are no shared secrets, and the user’s device generates unique keys for every account.
  • Passkeys support more reliable recovery because the stored credentials can survive the loss of an originating device.
To learn more about passkeys, read the FIDO Alliance passkey overview.
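The phishing-resistance point above, shown as an added example (not Auth0's code): a simplified WebAuthn-style model in Node.js where the server stores only a public key and rejects a login signed on a look-alike origin, with a stale challenge, or with another account's key. The origin and challenge checks come from the WebAuthn standard rather than from this page. The function names, `example.com` and the `.test` origin are assumptions made for the illustration, and CBOR parsing, attestation and signature-counter checks are left out.

```javascript
// Added example: a simplified WebAuthn-style model, not Auth0's implementation.
const crypto = require("node:crypto");
const sha256 = (data) => crypto.createHash("sha256").update(data).digest();

// Device: generates a fresh key pair per account; only publicKey goes to the server.
function createPasskey(rpId) {
  const keys = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  return { rpId, ...keys };
}

// Device: the browser fills in the origin it is actually on; the page cannot set it.
function signAssertion(passkey, challenge, browserOrigin) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get",
    challenge: challenge.toString("base64url"),
    origin: browserOrigin,
  }));
  // authenticatorData = SHA-256(rpId) | flags (UP+UV) | 4-byte signature counter
  const authenticatorData = Buffer.concat([sha256(passkey.rpId), Buffer.from([0x05, 0, 0, 0, 1])]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: crypto.sign("sha256", signed, passkey.privateKey) };
}

// Server: holds only the public key plus the challenge it issued for this login.
function verifyAssertion(assertion, expected) {
  const client = JSON.parse(assertion.clientDataJSON.toString("utf8"));
  if (client.type !== "webauthn.get") return "bad-type";
  if (client.challenge !== expected.challenge.toString("base64url")) return "bad-challenge";
  if (client.origin !== expected.origin) return "bad-origin";
  if (!assertion.authenticatorData.subarray(0, 32).equals(sha256(expected.rpId))) return "bad-rp-id";
  const signed = Buffer.concat([assertion.authenticatorData, sha256(assertion.clientDataJSON)]);
  return crypto.verify("sha256", signed, expected.publicKey, assertion.signature) ? "ok" : "bad-signature";
}

// Constructed scenario: example.com is the relying party, the .test origin is a look-alike.
function demo() {
  const passkey = createPasskey("example.com");
  const otherAccount = createPasskey("example.com");
  const challenge = crypto.randomBytes(32);
  const expected = { publicKey: passkey.publicKey, challenge, origin: "https://login.example.com", rpId: "example.com" };
  const genuine = signAssertion(passkey, challenge, "https://login.example.com");
  return {
    genuine: verifyAssertion(genuine, expected),
    lookAlike: verifyAssertion(signAssertion(passkey, challenge, "https://login.example-com.test"), expected),
    replayed: verifyAssertion(genuine, { ...expected, challenge: crypto.randomBytes(32) }),
    wrongKey: verifyAssertion(signAssertion(otherAccount, challenge, "https://login.example.com"), expected),
  };
}
console.log(demo());
```

In a real browser the look-alike page would not be offered the passkey at all, because the credential is scoped to the relying party's domain; the server-side checks shown here are the second line of defence.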

About passkeys on Auth0

Auth0 supports passkeys as an authentication method for database connections. When you enable passkeys for your database connection, passkeys become available for users during sign-up and login.
1. The sign-up UI prompts the user for their email address.

   The user enters their email address and selects Continue.

2. The sign-up UI prompts the user to use passkeys.

   The user selects Create a passkey.

3. The user's credential manager prompts them to create a passkey.

   If the user selects Continue, it prompts them to authenticate with their device’s credentials.
   If the user selects Try another way, it prompts them to scan a QR code with the device where they want to create the passkey.
1. The login UI prompts the user for their email address and/or a passkey.

   Your database connection’s passkey policy lets you choose whether the login UI allows autofill, displays the passkey button, or both.
   If the user enters their email, autofill suggests their stored passkeys alongside other credentials, like passwords.
   If the user selects the Continue with a passkey button, their credential manager prompts them to choose which passkey to use.

2. The user's credential manager prompts them to authenticate with their device credentials.

Passkeys do not replace or invalidate a user’s existing credentials. When a user creates their passkey, it is added to their account as an authentication method, but any existing email/username and password credentials remain valid. If the user needs to reset their account, they can trigger an interactive password reset flow through .

Learn more

Configure Passkey Authentication

How to enable and configure passkeys as an authentication method on a database connection.

Monitor Passkey Events in Tenant Logs

Event codes and descriptions for passkey events in tenant logs.