Passkey

Circle's Passkey enables the integration of secure smart contract functionality through the WebAuthn standard. By using the Passkey as a signer, it simplifies user onboarding and enhances the signing experience. Passkey also offers a secure and seamless way to manage private keys, allowing your users to interact with smart contracts safely and efficiently.

Passkeys simplify private key management in Web3, improving user experience. Users no longer need to handle private keys directly or worry about losing their 12-word seed phrase, which could result in lost funds.

A passkey is a cryptographic key pair generated and securely stored on user devices, such as laptops, phones, or password managers like 1Password. Unlike passwords, passkeys cannot be shared and are resistant to phishing and breaches.

• Faster Registration and Login. Users can register and log in using biometric authentication, such as Face ID or fingerprints.
• Ease of Use. Passkeys sync with password managers like iCloud Keychain, Google Password Manager, or 1Password, allowing seamless access across devices within the same ecosystem.
• Cross-Device Usage. Passkeys can be used across different ecosystems via Bluetooth. For example, users can sign in on another device by scanning a QR code with their phone, as long as the phone is near the laptop and the user approves the sign-in on their phone.
  Note: If you sign in on the same device where the passkey was created, the device will prompt you to authenticate using biometrics — no Bluetooth required. For more details, see this guide.

Circle’s Passkey feature is built using Smart Contract Passkey alongside webAuthnAccount. A dedicated Passkey Server is implemented to enable secure registration and authentication processes through the WebAuthn standard.

• Smart Contract Passkey. A digital key that authorizes blockchain transactions, ensuring only authorized users can execute actions.
• WebAuthnAccount. WebAuthn is a web standard for secure authentication using public key cryptography instead of passwords. WebAuthnAccount connects to Circle’s Passkey Server to retrieve passkeys registration and login credentials, enabling the generation of passkeys and performing signing operations.

Passkeys use the secp256r1 curve for generating signatures. When invoking webAuthnAccount, the signing methods return both the signature and the associated WebAuthn data.

As passkeys replace traditional private keys in Web3 authentication, having a reliable backup and recovery strategy becomes essential. This section explains how passkeys are synchronized across user devices and what fallback options Circle provides in case users lose access to their original passkey, including support for recovery keys with secure, self-custodial properties.

Passkeys are natively synchronized across user devices via secure cloud storage services like Apple iCloud Keychain or Google Password Manager, ensuring convenience and accessibility. However, device-bound passkeys (for example, YubiKey) do not support synchronization, as they remain exclusive to the device where they were created. This offers higher security but less convenience:

• Apple iCloud Keychain. Syncs passkeys across Apple devices as long as the user is signed in with their Apple ID.
• Google Password Manager. Enabled by default as a passkey provider on Android, and accessible in Chrome and other supported browsers.

Despite these measures, users may accidentally erase their passkey setup or lose a hardware security key. To address this risk, Circle provides an additional recovery method to ensure continued account access. For more details and sample code, visit the How to set up passkey recovery guide.

Explore the following resources to integrate the Passkey functionality into your Web3 applications:

• Modular Wallets Quickstart showcases how your app users can authenticate using a passkey.
• Sample App in the Modular Wallet Web SDK (and the Mobile SDKs) provide implementation examples.