Your iPhone stores each passkey using iCloud Keychain. After generating a passkey for a specific app or site, that key is securely saved on your phone for future use. All you need to do to log into an account is authenticate with facial or fingerprint recognition.
From a technical angle, a passkey replaces your password with hidden cryptographic keys. A passkey actually consists of two separate keys, known as a key pair. One key is public and registered with the app or website you’re using. The other key is private and stored only on your mobile device. The key pair seamlessly handles the authentication process between your device and the app or website.
Beyond being simpler and more manageable than passwords, passkeys are designed to be more secure. Using cryptography, the passkeys are strong and built to resist hacking attempts. Each set of passkeys is linked only with a specific app or website, so they can’t be used to sign into a phony app or site. The key never leaves your device, so it can’t be leaked. Plus, the exchange with iCloud Keychain is encrypted end to end so that no one can read it.