aptos-foundation/AIPs

[AIP-66][Discussion] Passkey Accounts

AIP Discussion

This AIP proposes the first WebAuthn Authenticator for Aptos, enabling users to utilize passkeys and other WebAuthn credentials for transaction authentication.

Passkeys are designed to replace passwords as a phishing-resistant, faster, and more secure form of user authentication. When a user registers a passkey, a new website-specific public key credential is created on their device's authenticator. WebAuthn Authenticators securely store passkeys and enable users to access them via authorization gestures like Face ID or Touch ID. In future sessions with that website, the passkey can be used instead of a password to produce a digital signature that validates the identity of the user.

On Aptos, passkey transactions are authenticated via a WebAuthn-specific AccountAuthenticator. Aptos currently supports NIST P256 (secp256r1) as the only valid WebAuthn signature scheme because of its broad support across most modern operating systems. The WebAuthn AccountAuthenticator enables Aptos users to sign and submit transactions with any compatible WebAuthn credential, including multi-device credentials registered on iOS, macOS, and Android devices, as well as single-device, hardware-bound credentials on devices like YubiKeys.

Read more about it here: https://github.com/aptos-foundation/AIPs/blob/main/aips/aip-66.md
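
The following is an added example, not part of the original post and not Aptos or AIP-66 code: a generic WebAuthn assertion check with a P-256 key, showing how the signature covers `authenticatorData || SHA-256(clientDataJSON)` and why a different origin, a different challenge, or altered authenticator data is rejected. The RP ID, origins, challenge values and the simulated authenticator are constructed assumptions; how Aptos derives the challenge and which fields it checks are defined in the linked AIP, not here.

```javascript
// Added example: generic WebAuthn assertion checks, run under Node.js.
const nodeCrypto = require('node:crypto');
const sha256 = (data) => nodeCrypto.createHash('sha256').update(data).digest();

// Simulated authenticator (constructed): builds and signs one assertion.
function makeAssertion(privateKey, rpId, origin, challenge) {
  // authenticatorData = rpIdHash (32) | flags (1: UP + UV set) | signCount (4)
  const authData = Buffer.concat([sha256(rpId), Buffer.from([0x05]), Buffer.from([0, 0, 0, 1])]);
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin, crossOrigin: false,
  }));
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  // ES256: ECDSA over P-256 with SHA-256, DER-encoded signature.
  return { authData, clientDataJSON, signature: nodeCrypto.sign('sha256', signed, privateKey) };
}

// Verifier side: returns 'ok' or the first check that failed.
function verifyAssertion({ authData, clientDataJSON, signature }, publicKey, expected) {
  const client = JSON.parse(clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'bad type';
  if (client.challenge !== expected.challenge.toString('base64url')) return 'bad challenge';
  if (client.origin !== expected.origin) return 'bad origin';
  if (authData.length < 37) return 'short authData';
  if (!authData.subarray(0, 32).equals(sha256(expected.rpId))) return 'bad rpIdHash';
  if ((authData[32] & 0x01) === 0) return 'user not present';
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return nodeCrypto.verify('sha256', signed, publicKey, signature) ? 'ok' : 'bad signature';
}

function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const expected = { rpId: 'wallet.example', origin: 'https://wallet.example',
                     challenge: sha256('constructed challenge A') };
  const good = makeAssertion(privateKey, expected.rpId, expected.origin, expected.challenge);
  const otherOrigin = makeAssertion(privateKey, expected.rpId, 'https://lookalike.example', expected.challenge);
  const tampered = { ...good, authData: Buffer.from(good.authData) };
  tampered.authData[36] ^= 0x01; // change signCount after signing
  return {
    good: verifyAssertion(good, publicKey, expected),
    otherOrigin: verifyAssertion(otherOrigin, publicKey, expected),
    // Same assertion presented for a different challenge.
    replay: verifyAssertion(good, publicKey, { ...expected, challenge: sha256('constructed challenge B') }),
    tampered: verifyAssertion(tampered, publicKey, expected),
  };
}

console.log(demo());
```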