
How Passkeys Work

Learn how passkeys use cryptographic key pairs and biometric authentication to provide secure, phishing-resistant access to your Kuda Business account without passwords.

Written by Nosa O
Updated over a week ago

Understanding how passkeys work is easier when you think about physical keys and locks. Here's what happens when you set up and use a passkey:

Setting Up Your Passkey (Creating the Key and Lock)

When you create a passkey for your Kuda Business account, something interesting happens on your device. Your phone creates a special pair: a private key (think of this as your house key that never leaves your pocket) and a public key (think of this as a lock you're giving to Kuda Business).

The crucial part? Your private key never travels anywhere. It stays locked in a special vault inside your device called the secure enclave - imagine a safe within your phone that has strict rules about what can get in and out. Meanwhile, Kuda Business receives and stores only the lock (the public key).

Logging In (Proving You Have the Key)

When you want to access your Kuda Business account, here's what happens behind the scenes. Kuda Business sends your device a challenge - think of it like a locked box they're asking you to open. Your device asks you to prove you're really you by using Face ID, your fingerprint, or your PIN. This is like proving to your own safe that you're authorized to use what's inside.

Once you've proven your identity to your device, the private key inside that secure vault signs the challenge (opens that locked box). Your device sends back only this signature, the proof that you successfully unlocked it. Kuda Business then checks the proof using the public key (the lock) they have on file. If it matches, you're in.

The beautiful part? Your actual private key never left your device. You proved you have the key without ever showing the key itself to anyone.

Why Face ID or Your PIN Every Time?

You might wonder why you need to use Face ID or your PIN each time you log in, even though the private key is already on your device. Think about it this way: if someone borrowed your unlocked phone, should they be able to access your business finances? Of course not. Requiring Face ID or your PIN each time creates a final security checkpoint - even if someone has your unlocked device, they still can't tell your device's secure vault to use the private key without your face or PIN.
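The login exchange above and the Face ID / PIN checkpoint, shown as an added Go example (not Kuda's code). The relying-party name, the `userVerified` flag standing in for the biometric check, and the origin-binding format are assumptions; Kuda Business uses standard passkey (WebAuthn) messages rather than this simplified layout.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Assumed relying-party identifier; the real one is whatever Kuda Business registers.
const rpID = "business.kuda.example"
// Device keeps the private key; Server holds only the public key and the open challenge.
type Device struct{ priv *ecdsa.PrivateKey }
type Server struct{ pub *ecdsa.PublicKey; challenge []byte }
// Register creates the key pair on the device; only the public key reaches the server.
func Register() (*Device, *Server, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Device{priv: priv}, &Server{pub: &priv.PublicKey}, nil
}
// NewChallenge issues a fresh random challenge (the "locked box") and remembers it.
func (s *Server) NewChallenge() []byte {
	s.challenge = make([]byte, 32)
	rand.Read(s.challenge) // crypto/rand; a failure here is fatal in practice
	return s.challenge
}
// message binds the challenge to the site the device is talking to, so a proof made for a look-alike site does not verify.
func message(origin string, challenge []byte) []byte {
	h := sha256.Sum256(append([]byte(origin+"|"), challenge...))
	return h[:]
}
// Sign uses the private key only if Face ID, fingerprint or PIN succeeded (userVerified).
func (d *Device) Sign(challenge []byte, origin string, userVerified bool) ([]byte, error) {
	if !userVerified {
		return nil, errors.New("user verification failed; private key not used")
	}
	return ecdsa.SignASN1(rand.Reader, d.priv, message(origin, challenge))
}
// Verify checks the proof with the stored public key, then drops the challenge so it cannot be replayed.
func (s *Server) Verify(sig []byte) bool {
	if s.challenge == nil {
		return false
	}
	ok := ecdsa.VerifyASN1(s.pub, message(rpID, s.challenge), sig)
	s.challenge = nil
	return ok
}
```

The private key never leaves `Device`; the server only ever sees the signature and checks it with the public key it stored at registration.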

Syncing Across Your Devices

When you use iCloud Keychain (on Apple devices) or Google Password Manager (on Android), your private keys are encrypted before they leave your device and sync to your other devices. It's like making copies of your house key but putting each copy in its own locked container before transporting it. Only your authorized devices can unlock these containers and use the keys inside.
