Passkeys

Get familiar with ZKsync SSO passkeys.

Passkeys are a core feature supported by ZKsync SSO that enable secure, passwordless authentication for users interacting with applications on the ZK Chain. Stored on users' devices, these passkeys make for a self-custodial and secure solution to private key management. This standard also supports biometric authentication methods like Face ID and fingerprint recognition, utilizing the secp256r1 elliptic curve via native precompile in ZKsync.

What are Passkeys?

Passkeys are digital credentials that eliminate the need for traditional passwords by using asymmetric cryptography for authentication. They consist of a key pair:

  • Private Key: Stored securely on the user's device (e.g., in a secure enclave or Trusted Platform Module) and never leaves the device.
  • Public Key: Shared with the relying party (ZKsync SSO Auth Server and associated smart contracts) during registration.

Passkeys are based on the WebAuthn API and the FIDO2 standards, which support various authenticators like built-in device biometrics (fingerprint sensors, facial recognition) or external hardware security keys (YubiKey, SoloKeys). This ensures a high level of security and a seamless user experience.

Managing Passkeys in Development

You can manually delete individual passkeys in your OS. For example, in Chrome browser you can navigate to chrome://settings/passkeys to edit or delete your passkeys.

If you are signed in to SSO with a passkey that you deleted, make sure to click the icon in the top right corner of the SSO popup window. This will allow you to be able to sign up again and generate a new passkey.

Sessions

Get familiar with ZKsync SSO sessions.

Account Modules

Get familiar with ZKsync SSO smart account modules.

Made with ❤️ by the ZKsync Community