Skip to main content

Biometrics

Passkey private keys are protected by the device on which they reside, typically in a hardware security module. When requesting passkey authentication you can also tell the device that it should verify the user locally, a process known as user verification. Devices will typically verify the user using biometrics, although this isn't guaranteed.

You can request user verification by passing an option to the register or authenticate functions:

await authenticatePasskey({ ... userVerification: 'required' })

Please see section on user verification to learn about the different verification levels and learn which one best fits your use case.