What are passkeys?

Passkeys are a newer way to sign in without typing a traditional password. They use your device, browser, or security key to prove it is really you.

Simple example

A user signs in to an account by approving the login with Windows Hello, a phone, or a security key instead of typing a password.

Why it matters

Passkeys can reduce phishing and password reuse risk because there is no normal password to steal or reuse.

Common warning signs

  • The activity is unexpected or unusual for the business context.
  • The request or system behaviour creates pressure to act quickly.
  • Normal approval, verification, or security processes are bypassed.
  • There are signs of unauthorised access, data exposure, or system change.
  • Staff are unsure whether the request, message, or system behaviour is legitimate.

Cyber Doc view

This term should be understood in a business context, not only as a technical issue. Good protection usually combines clear processes, appropriate technical controls, staff awareness, and a calm response plan.

What to do

Proactive steps

  • Use passkeys where important services support them.
  • Keep backup sign-in and recovery methods secure.
  • Protect devices with screen locks and updates.
  • Use managed accounts for business systems where possible.
  • Document recovery steps for business-critical accounts.

Reactive steps

  • If a device with passkeys is lost, revoke or remove that device from accounts.
  • Review account recovery methods.
  • Change fallback passwords if they exist.
  • Check recent sign-in activity.
  • Use admin controls to reset access where possible.

Related terms

  • Multi-factor authentication
  • Password manager
  • Credential theft