Glossary term
Passkeys
Also: WebAuthn Passkeys, Discoverable Credentials
Phishing-resistant authentication credentials under WebAuthn/FIDO2 that keep the private key on the device and are unlocked by biometrics or a PIN. They replace classic passwords and SMS OTPs.
Passkeys use public-key cryptography: the private key never leaves the device (Secure Enclave/TPM); only a signature over a fresh server challenge, bound to the relying party's origin, is sent to the service. That makes them structurally immune to phishing, server database theft and replay.
Sync variants: synced (platform) passkeys (iCloud Keychain, Google Password Manager, Microsoft Authenticator) are replicated via the provider for convenience but introduce vendor lock-in. Device-bound hardware passkeys (FIDO2 security keys) do not sync and remain strictly on the hardware token.
Adoption as of 2026: Apple, Google, Microsoft, GitHub, Cloudflare, Shopify, Amazon and many others natively support passkeys. For regulated workloads, hardware passkeys with attestation review (level 1/2) are state of the art.
Related terms
MFA
Authentication combining at least two factors from knowledge (password), possession (hardware token,…
FIDO2
Open authentication standard of FIDO Alliance and W3C, comprising WebAuthn (browser/platform interfa…
IAM (Identity and Access Management)
The stack of systems that governs who has access to which systems under which conditions. IAM covers…
PAM
Software category for governing privileged access: vault, session management, just-in-time permissio…
AI Act Conformity Assessment
Procedure to demonstrate that a high-risk AI system complies with the EU AI Act before being placed …
AI Act Risk Categories
Four-tier classification under the EU AI Act: prohibited (Art. 5), high-risk (Annex I/III), limited …
Audit-ready decision
A decision whose record is structured, evidence-backed and stakeholder-signed to a level that a thir…
BAIT
BaFin circular that concretises IT requirements for credit institutions. Specifies MaRisk AT 7.2 for…
