Striking a balance between security and simplicity often feels like walking a tightrope. But with recent improvements in authentication methods, we're getting closer to a point where we don't have to choose one over the other. For the first time, passkeys (e.g., FaceID and TouchID) bring the best of both worlds.
Today, we're thrilled to unveil our mobile-first embedded wallet using passkeys (See a demo here). This solution is tailored for builders of mobile-first experiences and Progressive Web Apps (PWA).
- Dynamic is launching passkey embedded wallets! See a demo here.
- Passkeys are a new type of passwordless authentication, championed by Apple and Google.
- The solution is optimized for mobile experiences and PWAs.
- This is the first of multiple embedded wallet features; stay tuned.
- We are rolling this feature out in the coming weeks. Ping us for early access.
- You can see the technical docs here, and book a live demo with us here.
What are passkeys?
Passkeys are a new type of passwordless authentication designed to be more secure and convenient than traditional passwords. They are based on the Web Authentication (WebAuthn) standard, which uses public key cryptography to create a secure link between a user's device and a website or app. They were developed by the FIDO Alliance (whose members include Apple, Google, Microsoft, Amazon and 1Password, among others).
Unlike traditional passwords, which create friction and pose phishing risks, passkeys leverage a familiar pattern of using a biometric (FaceID or TouchID) to securely create and store a credential on the user’s device.
How Dynamic is using passkeys
Dynamic uses Turnkey’s non-custodial infrastructure that requires users to authenticate to their private key using passkeys. Specifically, this ensures that your users are in control of their private keys by leveraging secure enclaves. By simple analogy, passkeys and secure enclaves are similar to a safety deposit box vault. That is, your end users have a key to access their locked box (i.e., wallet), while enjoying the benefits of having the box secured with vault-level security. The safety deposit box is inside the vault, but only the end user, with their key, can access the contents inside the box. Learn more about this non-custodial setup in Turnkey’s documentation.
After authenticating via email or social, users are prompted to create a passkey with their device (e.g., biometrics). This grants them a wallet and enables transaction signing with that passkey. The wallet’s private key is encrypted at rest, and only decrypted within Turnkey’s secure enclaves with a signature from the user’s passkey.
How does recovery work?
Passkeys come with some really cool built-in recovery options, especially when used with your phone (which is how they're used in our implementation). Passkeys are tied to your Apple iCloud (iPhone), Google Password Manager (Android) or cross-platform solutions like 1Password. That means that if you lose your phone, your passkeys still exist on your account, and will show up automatically when logged in with the same user on a new device. In other words, as long as you have access to your Apple or Google accounts, you will have access to your passkeys. In addition, we're working to add other recovery methods. More from us on that front soon!
Are embedded wallets custodial or non-custodial?
Our embedded wallet offering is non-custodial.
Can the wallet be used across devices and browsers?
Yes. The end user can use their passkey across devices and browsers, as it is synced with a keychain like iCloud.
Can I pair this with Account Abstraction?
Yes! Instead of spinning up an EOA wallet, you can leverage our account abstraction integrations from providers such as ZeroDev to turn your wallet into a smart contract wallet.
How do passkeys protect against SIM swapping and phishing attempts?
Passkeys come with multiple built-in security benefits. Specifically, unlike a password or passcode, a user doesn’t have to remember information with a passkey, and that information can’t be phished from the user. In addition, because passkeys are tied to your iCloud or Google accounts, they are protected by Apple and Google’s security. Even if your SIM gets swapped, an attacker would further have to gain access to your iCloud account or Google keychain in order to get access to your passkey.
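The phishing resistance described above comes from WebAuthn binding every assertion to the site that requested it. The sketch below is an added example, not Dynamic's or Turnkey's code: it shows the origin, RP ID, challenge and user-verification checks a relying party runs on an assertion. `RP_ID`, `EXPECTED_ORIGIN`, the function names and the sample data are assumptions made for illustration.

```python
import base64
import hashlib
import json

# Assumed relying-party values for this illustration (not from the page).
RP_ID = "wallet.example"
EXPECTED_ORIGIN = "https://wallet.example"

def b64url(data: bytes) -> str:
    """base64url without padding, the encoding WebAuthn uses for the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_assertion_binding(client_data_json, authenticator_data, expected_challenge):
    """Return the list of failed binding checks; an empty list means all passed.

    Covers origin, RP ID, challenge and user flags only. A full verifier also
    checks the signature over authenticator_data || SHA-256(client_data_json)
    with the stored public key, and the signature counter.
    """
    errors = []
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        errors.append("type")
    # The browser, not the page script, fills in the origin, so a look-alike
    # site cannot present itself as the real one.
    if client_data.get("origin") != EXPECTED_ORIGIN:
        errors.append("origin")
    if client_data.get("challenge") != b64url(expected_challenge):
        errors.append("challenge")
    # authenticatorData layout: SHA-256(rpId) (32) | flags (1) | counter (4)
    if len(authenticator_data) < 37:
        return errors + ["authenticator_data_length"]
    if authenticator_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        errors.append("rp_id_hash")
    flags = authenticator_data[32]
    if not flags & 0x01:  # UP: user present
        errors.append("user_present")
    if not flags & 0x04:  # UV: user verified (biometric or device PIN)
        errors.append("user_verified")
    return errors

def make_sample(origin, rp_id, challenge, flags=0x05):
    """Constructed sample assertion fields; no real authenticator is involved."""
    cdj = json.dumps({"type": "webauthn.get", "origin": origin,
                      "challenge": b64url(challenge)}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + (1).to_bytes(4, "big")
    return cdj, auth
```

An assertion produced for a look-alike domain fails both the `origin` and `rp_id_hash` checks, and a replayed assertion fails the `challenge` check because the server issues a fresh random challenge per login.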