Read the full article here
Introducing Relationship Public Keys (RPKs)
Relationship Public Keys (RPKs) are emerging as a transformative layer in the passkey/WebAuthn ecosystem. As users authenticate across phones, tablets and laptops, RPKs provide a privacy-preserving way to recognize and trust a user’s devices without adding friction. By enabling credential managers to signal verified device relationships, RPKs bridge the gap between strong security and a smooth user experience.
What Are Relationship Public Keys (RPKs)?
RPKs extend the WebAuthn model with cryptographically secure, privacy-preserving “relationship” signals between a user’s devices. Instead of forcing users to re-verify each new device or blindly trusting all synced devices, RPKs let websites make informed trust decisions while keeping the user journey effortless and consistent.
How RPKs Improve Device Trust for Passkeys
Traditional approaches either accept all synced devices (weakening security) or prompt users constantly (adding friction). RPKs introduce a relationship-based trust model in which major credential managers (e.g., Apple, Google, Microsoft) verify connections using signals such as:
- Physical proximity or secure local handshakes
- Shared security hardware
- Verified phone numbers
This creates a “web of trust” among a user’s devices so relying parties can streamline authentication on trusted devices and step up when signals look suspicious.
Technical Overview: RPKs and WebAuthn Integration
RPKs allow credential managers to share signed, privacy-preserving trust assertions with relying parties during WebAuthn flows. Sites can request these relationship signals and evaluate whether a device belongs to a verified set-without exposing personal device details. For end users, this is invisible: faster logins, fewer unnecessary prompts and consistent UX across devices.
RPKs in Practice: Industry Applications and Compliance
- Banking: Helps meet PSD2 Strong Customer Authentication by strengthening device trust while preserving low-friction access.
- Healthcare: Supports HIPAA-aligned, secure multi-device access for clinicians and patients.
- Enterprise IT: Reinforces zero trust and BYOD policies with better UX and reduced support costs.
- E-commerce: Recognizes trusted devices to accelerate checkout and improve conversion.
Preparing for RPK Adoption: Key Steps for Organizations
- Drive high passkey adoption among users to maximize coverage of trusted devices.
- Run regular audits to uncover authentication friction and risk areas.
- Choose solutions that will support RPKs as they become available
- Invest in analytics to measure readiness, adoption and trust outcomes.
The Future of Device Trust and Passkey Authentication
RPKs represent the next evolution of trust-based authentication—letting websites make nuanced, privacy-preserving trust decisions while keeping the UX delightfully simple. Organizations that establish robust passkey infrastructure today will be best positioned for secure, user-friendly authentication at scale as RPKs mature.
Find out more here
SEO Keywords: relationship public keys, RPKs, passkeys, WebAuthn, device trust, multi-device authentication, phishing-resistant authentication, zero trust, BYOD, PSD2 SCA, HIPAA, e-commerce conversion, credential managers, Corbado passkeys, privacy-preserving signals
Top comments (0)