Definition
A passkey is a phishing-resistant sign-in credential based on public-key cryptography, with the private credential protected by a user device or provider.
In market context
The service stores a public key, while authentication requires the corresponding private key and typically a local device unlock such as a PIN or biometric. Because the credential is bound to the legitimate site, a fake domain cannot simply collect a reusable secret. Security still depends on device protection, account recovery, synchronization arrangements, and prompt removal of access from lost or untrusted devices.
Source
Use the primary source for fuller regulatory or market context.
