
Verify Passkeys Overview



Beta

Verify Passkeys is in private beta. The information in this document could change. We might add or update features before the product becomes Generally Available. Beta products don't have a Service Level Agreement (SLA). Learn more about beta product support.


What are Passkeys


Passkeys, also known as FIDO/WebAuthn, are an industry-standard authentication method that is more seamless and secure than passwords. Many consumer apps are adding support for Passkeys, including Google, which has made Passkeys its default sign-in option.

Sign in screen for OwlBank with options for Face ID or another device, displaying a saved passkey for a phone number.

Twilio Verify's support for Passkeys


Verify enables developers to easily add Passkeys into their existing authentication flows. The Verify API supports passkey registration, public key storage, and auth flows.

Verify Passkeys also offers client-side SDKs for iOS and Android that help you verify users by adding a low-friction, secure, cost-effective device approval factor to your own mobile application. Get early access to the SDKs.

Twilio is a member of the FIDO Alliance, which created the Passkeys standard.


  • Technical overview
  • Quickstart

How are users handled?


A user is represented as an Entity within Verify Passkeys. We advise using an immutable user identifier such as a system UUID, GUID, or SID for the identity property of an Entity so that no PII is stored. See Entity API for more details.

You can fetch an Entity by its identity property, but the control and storage of the identity relation with the user must be managed on your end.

The Factor API also doesn't store any kind of user information or PII.

Is it possible to use the same passkey on two or more devices?


Yes. Like passwords, passkeys can be stored in a password manager or Apple keychain. If a user creates a passkey and stores it in a password manager, this passkey will be available on the user's other devices as long as the user uses the same password manager account.

Why are passkeys more secure than passwords?


Passkeys rely on a private key that doesn't leave the user's device (or password manager), unlike passwords, which are stored in a central database. Passkeys are also unique and bound to the user and to the website or application, and can't be reused by the user for different websites. Because passkeys are bound to the website or application, they are resistant to phishing attacks.

How should users with multiple authentication factors on a single device be handled?


The browser or the application presents the user with the passkeys available on the device the user uses for that application or website. If there are multiple passkeys, the user is free to select the one they want to use.