Passkeys are a form of passwordless user authentication for websites and apps, that is designed to provide a high level
of security by leveraging public key infrastructure. Unlike passwords, no shared secret is exchanged between the user
and a service. Instead, the public key is sent to the server, while the private key is stored in the user’s device.
To verify the user’s identity, users can use biometric data, such as a fingerprints or facial recognition, instead of
relying on a user-generated password. This makes it much more difficult for attackers to gain unauthorized access to an
account, as passkeys are two-factor-authentication (2FA) by default. Concisely, they avoid a range of
password-based attacks, including phishing, by providing an additional layer of security.
A simple PHP WebAuthn (FIDO2/Passkey) server library
Web Authentication for PHP
PHP Symfony repository of a sample app that offers passkey authentication.
Passkey Complete for PHP - Integrate into your PHP API or service to enable a completely passwordless standalone auth solution with Passage by 1Password
Basic integration for Passage - passwordless authentication powered by passkeys
A PHP example app using Symfony and Hanko for authentication
PHP SDK for SnapAuth
Complete tutorial for the integration of the Corbado web component for passkey-first authentication using PHP Symfony.
A simple solo-function app, protected with passkeys, for letting me and a friend keep track of who pays for the popcorn and sodas next time we go to the cinema