Passkeys
Passkeys let you sign in to supported websites and apps using Face ID or Touch ID, with no password required. Silicon Secure stores your passkeys in your encrypted vault alongside your traditional credentials.
What Is a Passkey?
A passkey is a cryptographic credential that replaces a password entirely. Instead of a string you type and remember, a passkey is a public/private key pair: the private key lives in your vault, and the website stores the corresponding public key. When you sign in, the site sends a challenge; Silicon Secure signs it with your private key; the site verifies the signature with the public key. No password travels over the network, and there's nothing to phish or leak.
Passkeys are based on the WebAuthn (FIDO2) standard and are supported by a growing list of major services including Apple, Google, Microsoft, GitHub, PayPal, and many others.
Passkeys are phishing-resistant
Because a passkey is bound cryptographically to the specific website it was created for, it can't be tricked into signing in to a fake lookalike site. This makes them significantly more secure than passwords, even strong ones.
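The challenge-signing flow and the website binding described above can be seen in a simplified Node.js model of the checks a website performs on a WebAuthn sign-in. This is an added example, not Silicon Secure's code: the function names and the domains example.com and examp1e.test are assumptions, and real WebAuthn adds credential IDs and COSE/CBOR encoding that are left out here.

```javascript
// Added illustration: simplified WebAuthn sign-in (assertion) checks.
const crypto = require("node:crypto");
const sha256 = (data) => crypto.createHash("sha256").update(data).digest();

// Passkey side: sign the challenge together with the origin the browser reports.
function signAssertion(privateKey, rpId, origin, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get", challenge: challenge.toString("base64url"), origin }));
  // authenticatorData = SHA-256(rpId) || flags (0x05: user present + verified) || counter
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([0x05]), Buffer.alloc(4)]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  const signature = crypto.sign("sha256", signed, privateKey); // ECDSA P-256, DER-encoded
  return { clientDataJSON, authenticatorData, signature };
}

// Website side: returns "ok" or the reason the sign-in is rejected.
function verifyAssertion(publicKey, expected, { clientDataJSON, authenticatorData, signature }) {
  const client = JSON.parse(clientDataJSON.toString("utf8"));
  if (client.type !== "webauthn.get") return "wrong type";
  if (client.challenge !== expected.challenge.toString("base64url")) return "challenge mismatch";
  if (client.origin !== expected.origin) return "origin mismatch";
  if (!authenticatorData.subarray(0, 32).equals(sha256(expected.rpId))) return "rpId mismatch";
  if ((authenticatorData[32] & 0x01) === 0) return "user not present";
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return crypto.verify("sha256", signed, publicKey, signature) ? "ok" : "bad signature";
}

// Constructed values: example.com is the real site, examp1e.test a lookalike.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  const expected = { rpId: "example.com", origin: "https://example.com", challenge: crypto.randomBytes(32) };
  const good = signAssertion(privateKey, expected.rpId, expected.origin, expected.challenge);
  // Hypothetical worst case: a signature made while the browser was on the lookalike.
  const lookalike = signAssertion(privateKey, "examp1e.test", "https://examp1e.test", expected.challenge);
  // A valid assertion whose signed counter byte is altered in transit.
  const altered = Buffer.from(good.authenticatorData);
  altered[36] ^= 0x01;
  // An old assertion presented against a fresh challenge.
  const fresh = { ...expected, challenge: crypto.randomBytes(32) };
  return {
    legitimate: verifyAssertion(publicKey, expected, good),
    lookalike: verifyAssertion(publicKey, expected, lookalike),
    tampered: verifyAssertion(publicKey, expected, { ...good, authenticatorData: altered }),
    replayed: verifyAssertion(publicKey, fresh, good),
  };
}
console.log(demo());
```

Because the origin and the hashed site identifier are inside the signed data, a signature produced for any other site is rejected even though the key and challenge are genuine.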
Creating a Passkey on a Website
When a supported website offers "Create a passkey" or "Add a passkey" in its security settings, iOS will present a system prompt asking which password manager to use. Select Silicon Secure and authenticate with Face ID or Touch ID. The passkey is generated on-device and saved to your vault automatically; you don't need to do anything manually inside the app.
- Go to the site's security settings. In Safari, navigate to the website and find its security or account settings. Look for "Passkeys," "Sign-in options," or "Two-factor authentication."
- Tap "Create a passkey" or "Add passkey". The website will initiate the WebAuthn registration flow. iOS will display a sheet asking where to save the passkey.
- Select Silicon Secure and authenticate. Choose Silicon Secure from the list of available credential providers. Authenticate with Face ID or Touch ID to confirm. The passkey is created and stored in your vault.
Silicon Secure must be enabled as an AutoFill provider
For passkey creation and use to work, Silicon Secure must be selected as a credential provider in iOS Settings → Passwords → AutoFill Passwords & Passkeys. See the iOS AutoFill guide for setup instructions.
Signing In With a Passkey
When you visit a site you've created a passkey for and tap the sign-in field, iOS will suggest your passkey from Silicon Secure. Tap the suggestion and authenticate with Face ID or Touch ID, and you're signed in. No username, no password, no 2FA code.
If the passkey suggestion doesn't appear automatically, look for a "Sign in with passkey" button on the login page, or tap the key icon in the keyboard toolbar.
Viewing Stored Passkeys
Passkeys are displayed as a distinct entry type in your vault list (identified by the passkey icon). Open a passkey entry to see which website it's linked to, the username or display name associated with it, and when it was created.
You cannot export or copy the private key from a passkey entry; by design, the private key never leaves Silicon Secure in plain form. If you need access on another device, make sure iCloud sync is enabled so passkeys replicate across your Apple devices.
Deleting a Passkey
Open the passkey entry and tap Edit, then Delete Entry. This removes the passkey from Silicon Secure's vault. Note that deleting the passkey in Silicon Secure does not automatically revoke it on the website's side; visit the site's security settings to remove the passkey there as well if you no longer want it to be valid.
Technical Details
Silicon Secure implements passkey storage using the P-256 elliptic curve (ECDSA with SHA-256), which is the standard curve used by WebAuthn. The private key is stored as part of the encrypted vault entry using AES-256-GCM. All cryptographic operations happen on-device using Apple's CryptoKit framework. The private key never leaves the app in unencrypted form and is never transmitted to any server, including Apple's servers, unless you export your vault.