The World of Passkeys


Welcome to the future of secure and seamless digital access.

Today we delve into the world of passkeys, discussing their role in transforming digital access before exploring the most recent development to Kujira’s mobile wallet, SONAR, and how this integration will make user’s experience more secure and easier than ever.

Table of Contents

Let’s kick this off by exploring the role that industry leaders have played in bringing this innovative technology to life.

The Rise of Passkeys

Passkeys, the latest alternative to passwords, aim to make the online login process safer and easier than ever before. This technology was first developed by the FIDO Alliance, an open industry association consisting of prominent companies such as Apple, Google, 1Password, Mastercard, Visa, PayPal, and Yubikey, who all shared the same mission – ‘to reduce the world’s dependence on passwords

With this in mind, they set out to design a system that did not depend on a shared password between the service provider and the user, and no longer required these users to create and remember a complicated password to access an online service securely.

So, what is this system, and how exactly does this technology work?

Understanding Passkey Technology

When connecting to a new service for the first time, the smartphone generates two related cryptographic keys, a public and a private key. The public key is shared to the service provider, while the private key is stored in a hardware secured location inside the device. 

During subsequent logins, the relying party will issue a randomly generated “challenge” to the user’s device, which must be answered by signing the challenge using the private key. The relying party can then validate the authenticity of the private key by verifying the response with the associated public key. 

If the original randomly generated challenge matches the verified signature in the response, authentication is confirmed and access is granted; otherwise, access is denied. Understanding this, we can begin to see how such a technology not only boosts security but also drastically improves the user experience.

How does it do this you ask? Allow me to explain.

User Experience and Multi-Device Accessibility

User Experience

Unlike traditional passwords, passkeys use cryptographic key pairs—one public and one private—eliminating the risks associated with weak passwords or data breaches where passwords are stored. The private key remains securely on the user’s device, making it nearly impossible for attackers to gain unauthorized access.

Furthermore, passkeys streamline the login process by leveraging biometric authentication, such as fingerprints or facial recognition, or trusted devices, thus removing the need for users to remember and enter complex passwords. This not only reduces the likelihood of phishing attacks but also simplifies access to accounts, providing a seamless and secure user experience.

Passkeys also simplify the multi-device experience.

Multi-Device Accessibility

Synchronization between devices ensures you can access the same wallet from any device, in any location. So, if you lose access to a device, because the wallet is secured by biometrics it becomes inaccessible to everyone. Asynchronous access is also possible when two devices are physically close.

For example, a user who wants to log on to a desktop computer can send a request to the mobile device, which then prompts the user for biometric authentication. Once authenticated, the mobile device communicates the access grant to the desktop. This authentication method can even be used between iOS and Windows by simply scanning a QR code.

However, what happens if you lose access to a device? Let’s now explore how passkeys handle recovery situations.

Passkey Security: Backup & Recovery

In addition to sharing, passkey service providers like Apple, Google, 1Password and others also offer different types of secure backup. Here, access to that backup is strictly controlled and only allowed under certain conditions, making the selected provider the de facto guarantor of your security.

In the event that you lose access to all of your devices with Passkey Sync, the provider will escrow the recovery after a secure user identification. However, this process is different depending on the provider you choose. Let’s look at example now.

Passkey Recovery: Apple

The security of the Apple iCloud Keychain recovery process is technically enforced through the use of encrypted communications and secure authentication mechanisms. So, when you need to restore your keychain, Apple guarantees you the access through a secure authentication process using your iCloud credentials and SMS verification.

The actual keychain data remains encrypted in a way that even Apple cannot access directly. This system ensures that only the account owner can retrieve their keychain, maintaining user privacy and data security.

We’ve now seen how passkeys can effectively replace passwords, but when applied to the blockchain, it becomes even more interesting.

Passkeys and Seed Phrases

As you may well know, one of the main barriers to Web3 adoption is getting the user to understand the importance of seed phrases, or mnemonic phrases. Seed/mnemonic phrases are typically 12/24 words and I don’t know about you, but trying to remember this proves somewhat of a challenge, especially after a few drinks!

Not only does this process introduce the risk of human error (miswriting or misplacing the words), but it also requires users to secure the physical storage of their seed phrases against loss, theft, or damage.

Passkeys, on the other hand, greatly simplify this process by embedding security in the device and managing it through user-friendly, biometrically secured mechanisms that enhance both security and convenience. This ease of use, combined with robust security features, makes passkeys a much more attractive option for everyday users than its counterpart.

Now that you are comfortable with the key differences between these two methods of password storage, we can now look to see the benefits of Passkeys in real-world blockchain applications.

Kujira’s Integration of Passkeys

One of the standout features of Kujira’s recent integration of Passkey technology into SONAR is the “walletless access” feature, which allows users to create and connect to a new wallet directly from a mobile browser like Safari or Chrome, without installing any additional applications.

Simply download the app, click ‘Create Wallet,’ and authorize via biometrics. Read the guide here.

This integration has eliminated the need for a seed phrase, making the wallet creation process not only more secure but also faster and easier to use, particularly for non-technical users.

By lowering the barriers to entry, it has made it much easier for anyone to start using Kujira’s DeFi products and applications, aligning with their commitment to making DeFi more accessible and less intimidating for a broader audience.

Grown-Up Defi, at the palm of your hands.

The Future of Digital Security 

Throughout this article, we’ve seen how Passkeys solve for the limitations of traditional passwords and seed phrases, providing an enhanced user experience that is secure, streamlined, and user-friendly. This innovative technology is set to simplify digital services for a broader audience, enhancing data security and making it easier for users of all skill levels to enjoy the benefits of secure, hassle free DeFi interactions.

Through the integration of Passkey technology, Kujira is positioning itself at the forefront of the next phase of the digital revolution, and with the multiple applications currently being integrated into SONAR, the team are creating something truly special, accessible to all.

So, what are you waiting for?

Set up your Passkey on SONAR, and step into the future of digital security today.

Passkeys: Bridging the Gap in Legacy Authentication Processes

Creating Your First SONAR Wallet – WinkHUB

Kujira Ecosystem

Sonar by Kujira

Kujira Academy is a platform that aims to bridge the gap between young entrepreneurs and Web3, providing them with tangible education and career acceleration opportunities. Built by students, for students. Learn more about the academy and our vision here.

To register your interest and become a student of Kujira Academy, click here.

Written by KUJitalia