What are passkeys?

Updated over a month ago

Passkey login is a modern authentication technology that completely replaces passwords and two-factor authentication (2FA). Instead of entering passwords or verification codes, your identity is confirmed using a fingerprint, Face ID, or your device’s PIN code.

Passkeys are supported on:

  • iPhone/iPad (iOS 16+)

  • Mac (macOS Ventura 13+)

  • Android (version 9+)

  • Windows 10/11 with Chrome and Edge browsers

  • Password managers: 1Password 8+, Bitwarden, Dashlane

Benefits of using passkeys

Solving common password problems

  • Weak passwords: You no longer need to create or remember complex passwords. Passkeys eliminate them entirely.

  • Phishing: Fake websites can’t steal your login credentials, because passkeys only work with the legitimate Maestra website.

  • Email compromise: Even if someone gains access to your email where authorization codes are sent, they still won’t be able to sign in without your device.

  • Data leaks: Even if a database is compromised, your passkeys remain safe — they’re stored only on your devices.

Security for your business

  • Protect customer data from leaks caused by compromised accounts.

  • Reduce the risk of fines related to personal data leaks.

  • Safeguard your company’s reputation.

  • Maintain control over account access.

How it works

Passkey login doesn’t work if single sign-on (SSO) enforcement is enabled.

When you set up passkey authentication, a pair of keys is created:

  • Private key — stored securely on your device.

  • Public key — stored on Maestra’s server.

When you log in, your device “signs” a request using its private key. The server verifies this signature using the public key. The private key is not transferred over the Internet and does not leave your device. Even if someone intercepts the data or compromises the server, they won’t be able to access your account.

  • Each website receives a unique key, so compromising one doesn’t affect others.

  • Passkeys are tied to the maestra.io domain and won’t work on fraudulent websites.

  • The private key is encrypted on your device and protected by your biometric data.

  • Even if the public key stored on the server is compromised, attackers still can’t access your account.
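The sign-and-verify exchange and the domain binding described above, as an added example in Node.js that is not Maestra's code. It follows the general WebAuthn layout in simplified form; the function names, the https://maestra.io origin and the lookalike origin maestra.io.example are assumptions made for illustration, and the toy device signs for any origin so that the server-side checks can be seen rejecting it.

```javascript
// Added example, not Maestra's code: simplified WebAuthn-style passkey login check.
const crypto = require('crypto');

const RP_ID = 'maestra.io';          // domain the passkey is tied to (from the page)
const ORIGIN = 'https://maestra.io'; // assumed login origin
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Setup: the key pair is created on the device; only the public key goes to the server.
function registerPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey }, server: { publicKey } };
}

// Device side: the browser records the origin it is really on, then the
// private key signs authenticator data plus a hash of that client data.
function deviceSign(device, challenge, browserOrigin) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin: browserOrigin,
  }));
  const rpIdHash = sha256(new URL(browserOrigin).hostname);
  const authData = Buffer.concat([rpIdHash, Buffer.from([0x05]), Buffer.alloc(4)]); // flags, counter
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: crypto.sign('sha256', signed, device.privateKey) };
}

// Server side: check challenge, origin and domain hash, then the signature.
function serverVerify(server, expectedChallenge, assertion) {
  const client = JSON.parse(assertion.clientDataJSON.toString());
  if (client.type !== 'webauthn.get') return 'bad type';
  if (client.challenge !== expectedChallenge.toString('base64url')) return 'challenge mismatch';
  if (client.origin !== ORIGIN) return 'origin mismatch';
  if (!assertion.authData.subarray(0, 32).equals(sha256(RP_ID))) return 'rpId mismatch';
  const signed = Buffer.concat([assertion.authData, sha256(assertion.clientDataJSON)]);
  return crypto.verify('sha256', signed, server.publicKey, assertion.signature) ? 'ok' : 'bad signature';
}

function demo() {
  const { device, server } = registerPasskey();
  const challenge = crypto.randomBytes(32); // fresh random value per login
  const sign = (dev, origin) => deviceSign(dev, challenge, origin);
  return {
    good: serverVerify(server, challenge, sign(device, ORIGIN)),
    phished: serverVerify(server, challenge, sign(device, 'https://maestra.io.example')), // constructed lookalike
    replayed: serverVerify(server, crypto.randomBytes(32), sign(device, ORIGIN)), // old response, new challenge
    forged: serverVerify(server, challenge, sign(registerPasskey().device, ORIGIN)), // wrong private key
  };
}
console.log(demo());
```

In a real browser the passkey for maestra.io would not be offered on another domain at all, so the origin check on the server is a second line of defense.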

Where can a passkey be stored?

  • In the Keychain (for Mac/iPhone): Automatically syncs across all your Apple devices linked to the same account.

  • On your phone (Apple/Android): Stored locally on your phone. You can sign in by scanning a QR code and confirming access with the passkey saved on your phone. On Apple devices, the QR code is scanned with the camera; on Android, with the Google Authenticator app (install it in advance).

  • In Google Password Manager: Works across all devices where you’re signed into your Google account. If your current device isn’t logged into your account, you can still sign in using your phone. Choose “Use a phone, tablet, or passkey”, scan the QR code, and confirm access using the passkey stored in Google Password Manager.

  • In your Chrome profile: The passkey is stored on a single device within the Google Chrome browser.

  • In Windows Hello: Works across all devices connected to your Microsoft account, or can be stored locally on one device.

  • In password managers: 1Password, Dashlane, Bitwarden, and others — allowing you to use passkeys across any of your devices.

If a team member loses access to all devices where their passkeys are stored, the project owner, administrator, or another user with the appropriate permissions can restore their access.