Add a public doc for passkeys for testnet launch (#21374)
## Description 

Adding a public doc for passkeys for testnet launch. It's a high-level
doc that links to the relevant TS SDK doc and the SIP.

## Test plan 

@joyqvq has done the relevant dev testing, and beyond that we've tested
the feature in devnet using a sample app and a community-built app.

---

## Release notes

Check each box that your changes affect. If none of the boxes relate to
your changes, release notes aren't required.

For each box you select, include information after the relevant heading
that describes the impact of your changes that a user might notice and
any actions they must take to implement updates.

- [ ] Protocol: 
- [ ] Nodes (Validators and Full nodes): 
- [ ] gRPC:
- [ ] JSON-RPC: 
- [ ] GraphQL: 
- [ ] CLI: 
- [ ] Rust SDK:

---------

Co-authored-by: Abhinav Garg <abhi.garg@mystenlabs.com>
Co-authored-by: ronny-mysten <118224482+ronny-mysten@users.noreply.github.com>
3 people authored Feb 28, 2025
1 parent a5d9cbb commit dd00db5
Showing 3 changed files with 64 additions and 1 deletion.
8 changes: 7 additions & 1 deletion docs/content/concepts/cryptography.mdx
Expand Up @@ -14,10 +14,16 @@ Go to [Transaction Authentication](./cryptography/transaction-auth.mdx).

## zkLogin

zkLogin is a Sui primitive that enables you to send transactions from a Sui address using an OAuth credential, without publicly linking the two. zkLogin provides a description of the primitive and how to implement it.
zkLogin is a Sui primitive that enables you to send transactions from a Sui address using an OAuth credential, without publicly linking the two.

Go to [zkLogin](./cryptography/zklogin.mdx).

## Passkey

Sui supports the passkey signature scheme that enables you to sign-in to apps and sign transactions for Sui using a private key securely stored on a passkey authenticator. It uses the WebAuthn standard.

Go to [Passkey](./cryptography/passkeys.mdx).

## Related links

- [Cryptography guides](../guides/developer/cryptography.mdx): See the cryptography guides for instruction on applying these concepts.
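Review bot: in the new Passkey paragraph, "sign-in" is the noun form but the sentence uses it as a verb ("enables you to sign-in to apps"); suggest "sign in to apps". The same sentence is pasted verbatim as the frontmatter `description` of passkeys.mdx, so the fix has to land in both places, or this overview could carry a shorter one-line summary that simply points to the page.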
56 changes: 56 additions & 0 deletions docs/content/concepts/cryptography/passkeys.mdx
@@ -0,0 +1,56 @@
---
title: Passkey
description: Sui supports the passkey signature scheme that enables you to sign-in to apps and sign transactions for Sui using a private key securely stored on a passkey authenticator. It uses the WebAuthn standard.
---

Passkey provides a secure and user-friendly alternative for submitting transactions to Sui. Built on the **WebAuthn standard**, passkey lets users authenticate and sign transactions using:

- Hardware security keys, such as YubiKeys
- Mobile devices, such as smartphones and tablets
- Platform-based authenticators, such as Face ID and Touch ID

Passkey simplifies authentication by removing the need to manage seed phrases or private keys manually. Instead, they rely on device-based authentication and cloud synchronization, allowing seamless, phishing-resistant access across multiple devices.

By supporting the passkey signature scheme, Sui improves security and accessibility, making it easier for users to manage their accounts with hardened security. Passkey-based wallets are also tied to the origin, meaning they can’t be phished or used on a different site, which makes it a more secure authentication option.

Refer to the [Typescript SDK support](https://sdk.mystenlabs.com/typescript/cryptography/passkey) on how to add passkey support to your application. For product specification, refer to [SIP-9](https://github.com/sui-foundation/sips/blob/main/sips/sip-9.md).

:::info
Passkey support is available in beta in Sui Devnet and Testnet. The Mainnet release is yet to be scheduled.
:::

## Benefits of using passkey

**Sign transactions seamlessly**

Users can sign transactions in Sui using passkey, where the passkey private key stays securely stored within the authenticator, reducing the risk of key extraction attacks.

**Authenticate across devices**

Users can approve transactions on their mobile phones by scanning a QR code from a desktop browser. Cloud-synchronized passkey (such as those stored in Apple iCloud or Google Password Manager) lets users authenticate across multiple devices without manual key transfers.

**Use hardware security keys**

Users can sign transactions with external security keys, such as YubiKeys, to add an extra layer of protection against phishing and unauthorized access.

**Authenticate with platform-based security**

Users can sign transactions directly on devices with built-in authenticators (such as Face ID on iPhones or Windows Hello on Windows PCs). This approach lets users sign transactions natively without needing an external security key.

**Recover access and secure accounts with cloud-synced passkey**

Cloud-synced passkey helps users recover access if they lose a device.

## Limitations of passkey

**Passkey functionality varies by authenticator**

Some security keys do not support biometric authentication, requiring users to enter a PIN instead. Also, because WebAuthn does not provide access to private keys, users must store their passkey securely or enable cloud synchronization for recovery.

**Cloud synchronization introduces potential risks**

Cloud-synced passkey improves accessibility but also create risks if a cloud provider is compromised or if a user loses access to their cloud account. Users who prefer full self-custody can rely on hardware-based passkey that does not use cloud synchronization.

**Passkey cannot be exported**

Users cannot transfer a passkey between different authenticators. For example, a passkey created on a security key cannot move to another device unless it syncs through a cloud provider. To avoid losing access, users should set up authentication on multiple devices.
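Review bot: "Passkey-based wallets are also tied to the origin, meaning they can't be phished or used on a different site" overstates what origin binding provides; WebAuthn prevents a credential from being exercised on a different origin, and the preceding paragraph already uses the more accurate "phishing-resistant", so suggest "are resistant to phishing and cannot be used on a different site". Two agreement fixes in the same file: "Instead, they rely on device-based authentication" follows the singular "Passkey", so either "it relies" or make the subject "Passkeys"; and "Cloud-synced passkey improves accessibility but also create risks" needs "creates". In the first limitation, "users must store their passkey securely" reads as if the user holds key material, which the same sentence says WebAuthn never exposes; "keep the authenticator safe or enable cloud synchronization for recovery" says what is meant.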
1 change: 1 addition & 0 deletions docs/content/sidebars/concepts.js
Expand Up @@ -110,6 +110,7 @@ const concepts = [
],
},
'concepts/cryptography/zklogin',
'concepts/cryptography/passkeys',
'concepts/cryptography/system/checkpoint-verification',
/*{
type: 'category',
