Passkeys

Passkeys (WebAuthn/FIDO2) provide a phishing-resistant way to confirm high-impact actions inside embedded wallet flows.

What passkeys are used for

Use passkeys to protect actions that are dangerous if clicked through accidentally or under social pressure:

• Confirming large transfers as dictated by the Policy Engine.
• Enabling recovery mechanisms.
• Rotating recovery parameters (timelock duration, recovery destination, guardian set, thresholds).
• Generating / re-generating a fallback recovery artifact.

Example: confirming fallback recovery setup

A common pattern (mirroring the UI flow in the reference design) is:

1. Wallet is created.
2. User is prompted to set up fallback recovery.
3. The app explains what will happen:
   • The user signs a recovery transaction that is not submitted now.
   • The transaction is stored off-chain for a limited validity window (e.g., 90 days).
   • It can only be used after a manual identity check.
4. User reviews the summary (“from wallet → recovery destination”, “all funds”, “not submitted now”).
5. User confirms via passkey.

UX guidelines

• Explain the consequences in plain language. If a fallback transaction could transfer all funds, say so.
• Show timing constraints clearly. Timelock duration, validity window, and renewal reminders.
• Require user acknowledgment (checkbox) before the passkey prompt.
• Prefer “Confirm using passkey” to generic “Continue.”

Next

• Policy Engine
• Recovery