Passkeys

Passkeys are a modern and particularly secure form of authentication on the internet. Unlike traditional passwords or one-time codes, passkeys are based on cryptographic key pairs that are created automatically and stored securely on your devices. This protects you from phishing, keyloggers, and data leaks.

Note: Passkeys are based on the FIDO standard (FIDO2/WebAuthn).

Important to know: In our system, we use passkeys as a second factor in addition to your username and password, not as a replacement for your password.

What are passkeys?

A passkey consists of a key pair: a private key that remains stored exclusively on your device, and a public key that is stored with the service provider (e.g., with us). When you sign in, the server requests a confirmation using the public key. Your device uses the private key to approve the sign-in without the private key ever leaving the device.

Logging in with passkeys is typically convenient via a biometric method (fingerprint, face recognition) or via the device lock (PIN, pattern).

Why use passkeys?

Passkeys offer a range of advantages over classic two-factor authentication (2FA) methods:

  • Phishing protection: Because no codes or passwords are transmitted, attackers cannot intercept or steal them.
  • Convenience: Instead of entering a code manually, a quick fingerprint scan or a look at the camera is sufficient.
  • Device-level security: The private key remains securely stored on your device.

In everyday use, this means: With passkeys you secure your access with minimal effort and maximum protection.

Which devices can use passkeys?

Whether you can use passkeys depends on whether your operating system and browser support this technology.

  • Windows (with Windows Hello)
    • Supports passkeys directly via modern browsers such as Firefox, Chrome, or Edge.
    • Windows Hello enables sign-in via fingerprint, face recognition, or PIN.
    • Passkeys are stored securely in the system and can be used across devices if a Microsoft account is connected.
  • macOS and iOS (iPhone, iPad)
    • Passkeys are fully integrated into macOS and iOS.
    • Keys are stored in iCloud Keychain or the Passwords app and automatically synchronized to your other Apple devices.
    • Login is convenient via Face ID, Touch ID, or the device lock.
  • Android
    • Android supports passkeys system-wide.
    • Keys are stored in Google Password Manager and can be synchronized across devices.
    • Login usually happens via the fingerprint sensor or the device lock.
  • Linux (e.g., Ubuntu)
    • Support is currently still limited.
    • Ubuntu and other Linux distributions do not yet offer native, system-wide passkey integration.
    • However, passkeys can be used with the help of password managers (e.g., 1Password, Bitwarden, KeePassXC with browser extension), as these integrate passkey functionality directly into the browser.

In summary: On smartphones and modern desktop systems, usage is usually straightforward; on Linux you currently still need a small helper tool.

How does signing in with passkeys work?

  • Setup
    • When you activate a passkey in our webmail settings, it is created on your device. The public key is transmitted to our service, the private key remains safely with you.
  • Login
    • You enter your username and password as usual.
    • The passkey is requested as the second factor.
    • You confirm the sign-in via your device lock or a biometric prompt.
  • Verification
    • The device cryptographically signs the sign-in using the private key.
    • The server verifies the signature with the public key and grants access.

For you this means: No typing of codes, no fear of typos, no way for attackers to guess your passkeys.

Passkeys and two-factor authentication

While many services already use passkeys as a complete replacement for passwords, we currently and deliberately use them as a second factor alongside username and password. This further increases security: Even if your password is compromised, access is not possible without the matching passkey.

Practical tips for working with passkeys

  • Create backup options: Even though passkeys are usually synchronized in the cloud (iCloud, Google, Microsoft), you should set up additional second factors and/or keep your backup codes.
  • Use a password manager as a complement: If your system does not support passkeys directly, a password manager is a reliable alternative.
  • Register multiple devices: If possible, set up passkeys on multiple devices (e.g., smartphone and laptop). This keeps you operational if one device fails.
  • Check regularly: Make sure your devices have the latest updates installed to ensure full support for passkeys.
High level of security

TLS Secured
All mail.de websites are TLS-encrypted.
All protocols are available encrypted.
Verified data protection

DATATREE AG
Our Products
Service
About mail.de

All rights reserved. ©2009-2025 by mail.de GmbH