[
    {
        "role": "user",
        "content": "when%20people%20talk%20about%20signing%20in%20to%20places%20with%20security%2C%20they%20talk%20about%20passkeys.%20What%20are%20they%20and%20how%20do%20I%20get%20one"
    },
    {
        "role": "assistant",
        "content": "When people talk about signing in to sites or services with **passkeys**, they\u2019re referring to a modern, more secure alternative to traditional passwords. Below, I\u2019ll explain how passkeys work, why they\u2019re safer, and how *you* can get and use them.\n\n---\n\n## What Are Passkeys\n\n- A passkey uses **public-key cryptography**\u2014two keys are generated:  \n  \u2022 *Private key*: stays securely on your device.  \n  \u2022 *Public key*: stored on the website or service. ([techtarget.com](https://www.techtarget.com/whatis/definition/passkey?utm_source=openai))  \n- To log in, that service sends a \u201cchallenge,\u201d and your device uses the private key to sign it\u2014only after you verify yourself using a PIN, face scan, fingerprint, or your device\u2019s unlock method. The server uses the public key to verify the signature. ([developers.google.com](https://developers.google.com/identity/passkeys?utm_source=openai))  \n- Passkeys aren\u2019t something you remember or type in\u2014they\u2019re stored in your secure device vault (like Secure Enclave on Apple or TPM on Windows). ([passkeys.com](https://www.passkeys.com/what-are-passkeys?utm_source=openai))  \n\n---\n\n## Why Passkeys Are More Secure and Useful\n\n1. **Phishing resistance**  \n   You can\u2019t accidentally entering your passkey on a fake site, because the cryptographic process checks exactly which site/app is asking. This makes tricking you with an imitation site much harder. ([developers.google.com](https://developers.google.com/identity/passkeys?utm_source=openai))  \n\n2. **No shared secrets to steal**  \n   Since passwords are stored (hashed) on servers, breaches can expose them. With passkeys, nobody but your device holds the private key\u2014servers only hold public keys, which are useless on their own. ([techtarget.com](https://www.techtarget.com/whatis/definition/passkey?utm_source=openai))  \n\n3. **Better user experience**  \n   - You don\u2019t need to remember complex passwords.  \n   - Logging in is faster\u2014just unlock your device.  \n   - If your passkeys sync via your cloud account (like with Apple or Google), you can move to a new device and keep using them. ([developers.google.com](https://developers.google.com/identity/passkeys?utm_source=openai))  \n\n---\n\n## What You\u2019ll Need to Use Passkeys\n\n- A device and software version that supports passkeys. For example, recent versions of iOS, Android, Windows, or macOS. ([malwarebytes.com](https://www.malwarebytes.com/cybersecurity/basics/passkey?utm_source=openai))  \n- A browser that supports the WebAuthn / FIDO2 standard (like Safari, Chrome, Edge). ([malwarebytes.com](https://www.malwarebytes.com/cybersecurity/basics/passkey?utm_source=openai))  \n- Biometric or PIN-based unlock (face scan, fingerprint, or local PIN). That\u2019s how you \u201cprove\u201d it\u2019s really you. ([passkeys.com](https://www.passkeys.com/what-are-passkeys?utm_source=openai))  \n\n---\n\n## How to Get a Passkey \u2014 Setup Steps\n\nHere\u2019s how you can start using passkeys with your accounts:\n\n1. **See if the site/app supports passkeys**  \n   When signing up or changing settings, look for something like \u201cUse passkey,\u201d \u201cPasswordless login,\u201d \u201cAdd passkey,\u201d or \u201cSecurity key\u201d options. ([safety.google](https://safety.google/intl/en_us/safety/authentication/passkey/?utm_source=openai))  \n\n2. **Register a passkey**  \n   You\u2019ll be prompted to use your device\u2019s verification (face, fingerprint, PIN). Your device will generate a public/private key pair then register the public key with the service. Private key stays securely on your device. ([developers.google.com](https://developers.google.com/identity/passkeys?utm_source=openai))  \n\n3. **Enable backup or sync (optional but helpful)**  \n   Many platforms let you securely sync your passkeys via your cloud account (Google, iCloud, Microsoft). That helps if you lose or upgrade your device. But be aware: syncing has trade-offs\u2014you should only sync with trusted providers. ([windowscentral.com](https://www.windowscentral.com/microsoft/windows-11/microsoft-finally-makes-passkeys-viable-thanks-to-edge-on-windows-11-you-can-finally-sync-them-across-devices?utm_source=openai))  \n\n4. **Use it to sign in**  \n   Next time you access that site/app, when prompted, choose to use a passkey. Then authenticate using your face, fingerprint, or PIN. No typing of passwords required. ([developers.google.com](https://developers.google.com/identity/passkeys?utm_source=openai))  \n\n5. **Keep backups / recovery methods ready**  \n   If you ever lose your device that holds the passkey and don\u2019t have it synced elsewhere, you may lose access. Many services require you to set up backup methods\u2014like another device, a recovery code, or your password still for emergencies. ([safety.google](https://safety.google/intl/en_us/safety/authentication/passkey/?utm_source=openai))  \n\n---\n\nIf you want, I can walk you through setting up passkeys specifically on *your* device (iPhone, Android, Windows, etc.)\u2014would you prefer that?"
    }
]