Passkeys represent a transformative step forward in authentication, eliminating passwords to deliver a phishing-resistant and user-friendly login experience. However, they are not a silver bullet. Attackers are increasingly turning to social engineering tactics, such as targeting help desks or exploiting gaps in recovery processes, to bypass even the most advanced authentication solutions.

This session will explore how pairing passkeys with real-time identity verification creates a comprehensive, layered approach to modern authentication challenges. We’ll dive into the technical mechanics of how passkeys work, from FIDO protocols to their reliance on device-based cryptographic credentials. Then, we’ll examine where identity verification fills critical gaps, such as establishing trust during passkey registration, ensuring secure account recovery, and verifying identity during high-risk access requests.

Using real-world examples, we’ll also demonstrate how this combination thwarts sophisticated social engineering attacks, from impersonation attempts to help desk exploits. Finally, we’ll provide technical guidance on integrating identity verification and passkeys into existing workflows, addressing challenges like user adoption, enrollment, and recovery scenarios.

Attendees will leave with a deep understanding of how these technologies work together to mitigate emerging threats while delivering secure, seamless access for users.