Device-bound Passkeys Extra Quality ★ Full

When you log in, the server sends a challenge to your device. Your device uses the private key to sign the challenge and sends it back. The server verifies the signature using the public key. At no point is a secret transmitted over the network. This effectively kills phishing because there is no password for a hacker to trick you into typing on a fake website.