Interactive Passkey Sandbox
Welcome to the passkey testing environment. Here, you can test how registration (signup) and assertion (login) feel in practice. Unlike passwords, passkeys use cryptography to sign a challenge from the server, eliminating phishing risks.
Study Instructions: Try creating a new account first, then log out and log back in using your device's passkey authenticator (e.g. Windows Hello, TouchID, FaceID, or a USB security key).
Sign Up (Create Account)
Create a username and bind it to a credential generated securely by your device's hardware.
Log In
Authenticate instantly using your saved passkey. You can type your username to use specific keys, or perform a username-less login to let your device locate the correct key.
Live Authentication Flow
Watch the network sequence and cryptographic checkpoints update in real-time as you authenticate.
Ready to Test
Enter a username on the left and click Register Passkey (or toggle Demo Mode to simulate it) to see a step-by-step explanation of how authentication occurs!
💡 Security & Usability Insights
- No Passwords: You don't need to create or remember complex characters. Passkeys are stored directly on your device.
- Biometric Privacy: Your fingerprint, face scan, or PIN is processed locally on your device. The website and server never see it.
- Phishing Protection: Passkeys are cryptographically locked to this specific domain (localhost), protecting you from fake websites.