---
url: 'https://www.corbado.com/faq/why-bluetooth-used-no-passkey-transmission'
title: 'Why is Bluetooth used if it doesn’t transmit the passkey?'
description: 'Bluetooth in passkey authentication ensures device proximity for security but does not transmit the passkey itself, maintaining cryptographic integrity.'
lang: 'en'
---

# Why is Bluetooth used if it doesn’t transmit the passkey?

In **passkey authentication**, Bluetooth is used in certain authentication flows, such as
**cloud-assisted Bluetooth Low Energy (caBLE)**, but **it does not transmit the actual
passkey**. Instead, it serves a crucial role in ensuring that **the two devices involved
in authentication are physically close** before proceeding with secure cryptographic
operations.

### The Role of Bluetooth in Passkey Authentication

- **Proximity Verification**: Bluetooth allows the authentication process to confirm that
  the two devices (the one requesting authentication and the one holding the passkey) are
  physically near each other. This **prevents remote phishing attacks** or unauthorized
  login attempts from distant locations.
- **Mitigating Man-in-the-Middle (MitM) Attacks**: Because Bluetooth ensures proximity, it
  reduces the likelihood of a **MitM attack**, where an attacker intercepts the
  authentication request over the internet.
- **Session Establishment**: Bluetooth acts as a **triggering mechanism** for establishing
  a secure session. Once proximity is verified, the actual authentication data exchange
  happens over an **encrypted internet connection**, rather than being sent directly over
  Bluetooth.

### How Does Authentication Work Without Bluetooth Transmitting the Passkey?

- The **private key of the passkey never leaves the secure storage of the authenticating
  device**.
- The device holding the passkey **cryptographically signs a challenge** from the server.
- The signed challenge is then **sent over a secure internet connection**, not over
  Bluetooth.
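
The three points above as a runnable Node.js sketch. This is an added example, not code from the original page, and it is a simplified model rather than the caBLE wire format: the function names, the `example.com` values used to call it and the random `proximityToken` are assumptions made for illustration.

```javascript
// Added example: simplified model of which data crosses which channel.
// All names and values below are constructed for illustration.
const crypto = require('node:crypto');
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// Phone: key pair created at registration. The private key is used only inside
// signAssertion() and is never placed in any message.
const phoneKeys = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
// Server: stores only the public key for this credential.
const serverStoredPublicKey = phoneKeys.publicKey;

// Server issues a fresh random challenge for every login attempt.
const newChallenge = () => crypto.randomBytes(32).toString('base64url');

// Bluetooth channel (assumed shape): the phone advertises a short random token
// so the laptop can tell it is nearby. No key material or signature goes here.
const bleAdvert = () => ({ proximityToken: crypto.randomBytes(16).toString('hex') });

// Phone: sign authenticatorData || SHA-256(clientDataJSON), the byte string a
// WebAuthn assertion signature covers (flags and counter omitted here).
function signAssertion(challenge, origin, rpId) {
  const clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
  const authenticatorData = sha256(rpId);
  const signature = crypto.sign('sha256',
    Buffer.concat([authenticatorData, sha256(clientDataJSON)]), phoneKeys.privateKey);
  return { clientDataJSON, authenticatorData, signature }; // sent over the internet
}

// Server: check challenge, origin and RP ID, then verify the signature.
function verifyAssertion(a, expectedChallenge, expectedOrigin, rpId) {
  const clientData = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (clientData.type !== 'webauthn.get') return false;
  if (clientData.challenge !== expectedChallenge) return false; // stale or replayed
  if (clientData.origin !== expectedOrigin) return false;       // signed for another site
  if (!sha256(rpId).equals(a.authenticatorData)) return false;
  return crypto.verify('sha256',
    Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]),
    serverStoredPublicKey, a.signature);
}
```

An assertion verifies only against the challenge and origin it was signed for, so a captured response cannot be replayed for a later login or accepted for a different site.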

### Does Bluetooth Always Have to Be Enabled?

Not necessarily. Some authentication methods, such as **QR code scanning**, allow for
passkey authentication without requiring Bluetooth. However, **caBLE (cloud-assisted
Bluetooth Low Energy)** is a preferred method in certain implementations to streamline the
user experience while maintaining security.

### Key Takeaway

Bluetooth in passkey authentication is **not used for data transfer** but as a **security
layer** to confirm physical proximity. This **enhances security without compromising the
integrity of the cryptographic authentication process**.

