🔑

Passkey Usability Lab

A Usability Study of Passkeys for Authentication: A Comprehensive Look at the User Experience

Secure Local Node

Interactive Passkey Sandbox

Welcome to the passkey testing environment. Here, you can test how registration (signup) and assertion (login) feel in practice. Unlike passwords, passkeys use cryptography to sign a challenge from the server, eliminating phishing risks.

Study Instructions: Try creating a new account first, then log out and log back in using your device's passkey authenticator (e.g. Windows Hello, TouchID, FaceID, or a USB security key).

1

Sign Up (Create Account)

Create a username and bind it to a credential generated securely by your device's hardware.

2

Log In

Authenticate instantly using your saved passkey. You can type your username to use specific keys, or perform a username-less login to let your device locate the correct key.

Live Authentication Flow

Watch the network sequence and cryptographic checkpoints update in real-time as you authenticate.

💻
Browser
🔒
Authenticator
☁️
Server
Idle State: Waiting to start a Passkey registration or login.
IDLE

Ready to Test

Enter a username on the left and click Register Passkey (or toggle Demo Mode to simulate it) to see a step-by-step explanation of how authentication occurs!

💡 Security & Usability Insights
  • No Passwords: You don't need to create or remember complex characters. Passkeys are stored directly on your device.
  • Biometric Privacy: Your fingerprint, face scan, or PIN is processed locally on your device. The website and server never see it.
  • Phishing Protection: Passkeys are cryptographically locked to this specific domain (localhost), protecting you from fake websites.