Sui Introduces Passkey: Seamless Web3 Onboarding and Developer Integration

The Sui ecosystem has unveiled passkey support on Mainnet, a breakthrough designed to make Web3 access as simple as logging into your favorite mobile app. With passkey, users can sign in using familiar methods like Face ID, fingerprint recognition, or a device passcode, eliminating the need for browser extensions, seed phrases, or complicated setup flows.

This isn’t just a quality-of-life upgrade. It represents a paradigm shift in blockchain usability, aligning the Sui experience with the same authentication standards that already power billions of daily logins across the internet.

---

What is a Passkey?

A passkey is a cryptographic credential that leverages device-native authentication. Instead of managing private keys or recovery phrases, users access applications with biometrics or passwords already supported by their phones, laptops, or hardware devices.

• Built on open standards: Passkey follows the FIDO Alliance and W3C WebAuthn specifications.
• Widely supported: Apple, Google, and Microsoft all support passkeys across their platforms.
• Secure and recoverable: Because credentials can be cloud-synced, users can restore access when switching devices—without awkward recovery phrases.

By integrating this model, Sui makes blockchain access feel familiar, intuitive, and as frictionless as signing into a banking or email app.

---

Why Passkey Matters

For Users

Passkey removes many of the biggest barriers to blockchain adoption:

• No more seed phrases to memorize.
• No browser extensions to install.
• Authentication flows that feel just like Web2 apps.
• Enhanced recovery thanks to cross-device syncing.
• Support for advanced setups like multisig wallets or pairing passkeys with zkLogin for layered security.

The experience is especially powerful on mobile, where the complexity of traditional wallets has long been a blocker to mainstream adoption.

For Developers

Passkey also reshapes the developer landscape:

• Direct integration: Apps no longer need to depend on third-party wallets for onboarding.
• Lightweight setup: Passkey support is built into the Sui TypeScript SDK.
• Advanced capabilities: Developers can enable QR-based cross-device login, multisig authentication, and native biometric login.
• Better retention: Reducing setup friction lowers user drop-off rates during onboarding.

---

Building with Passkey on Sui

The Sui TypeScript SDK introduces the PasskeyKeypair class to make integration straightforward. Developers can create, recover, and use passkeys with just a few lines of code.

Importing the PasskeyKeypair

import {
	BrowserPasskeyProvider,
	BrowserPasswordProviderOptions,
	PasskeyKeypair,
} from '@mysten/sui/keypairs/passkey';

Creating a New Passkey

To initialize a passkey wallet tied to your app’s domain:

const keypair = await PasskeyKeypair.getPasskeyInstance(
	new BrowserPasskeyProvider('Sui Passkey Example', {
		rpName: 'Sui Passkey Example',
		rpId: window.location.hostname,
		authenticatorSelection: {
			authenticatorAttachment: 'cross-platform', // or "platform"
		},
	} as BrowserPasswordProviderOptions),
);

• cross-platform: Works with hardware keys and mobile devices.
• platform: Uses device-bound authenticators like Touch ID, Face ID, or Windows Hello.

It’s recommended to cache the PasskeyKeypair in your frontend so the public key is always available when signing transactions.

Recovering a Passkey

If the cached keypair is lost or the user switches devices, recovery is possible:

let provider = new BrowserPasskeyProvider('Sui Passkey Example', {
	rpName: 'Sui Passkey Example',
	rpId: window.location.hostname,
} as BrowserPasswordProviderOptions);

const testMessage = new TextEncoder().encode('Hello world!');
const possiblePks = await PasskeyKeypair.signAndRecover(provider, testMessage);

const testMessage2 = new TextEncoder().encode('Hello world 2!');
const possiblePks2 = await PasskeyKeypair.signAndRecover(provider, testMessage2);

const commonPk = findCommonPublicKey(possiblePks, possiblePks2);
const keypair = new PasskeyKeypair(commonPk.toRawBytes(), provider);

With two signed messages, a unique public key can be reconstructed. Alternatively, apps can prompt users to sign one message and resolve the correct public key by checking on-chain activity.

Using PasskeyKeypair

Once initialized, usage mirrors any other keypair in the SDK:

const publicKey = keypair.getPublicKey();
const address = publicKey.toSuiAddress();

const message = new TextEncoder().encode('hello world');
const { signature } = await keypair.signPersonalMessage(message);

const txSignature = await passkey.signTransaction(txBytes);

Full implementation examples are available in the MystenLabs passkey repo.

---

Supported Platforms

Sui’s passkey implementation works with any device that complies with WebAuthn. That includes most modern browsers and operating systems on both desktop and mobile.

Developers and users can reference the Passkeys.dev device support list for a breakdown of compatible platforms and authenticators.

---

Nimora: The First Passkey Wallet

The first real-world wallet to support passkeys on Sui is Nimora. It demonstrates how seamless onboarding and transaction signing can feel when blockchain fades into the background, letting users interact as naturally as they would with any modern app.

---

Looking Ahead

The launch of passkey is more than a feature—it’s a glimpse of the future. Just as the web moved from clunky logins to biometric and single sign-on systems, Web3 is undergoing its own transformation.

By prioritizing both security and simplicity, Sui is setting a new industry standard. If widely adopted, passkeys could finally relegate seed phrases and confusing onboarding flows to blockchain’s early history.

For users, it’s effortless access.

For developers, it’s a lighter integration path.

For Web3, it’s a necessary evolution toward mass adoption.