Comparing DNS over HTTPS and DNS over TLS

DNS over HTTPS DNS over TLS
J
Jordan Blake

Senior Content Strategist

 
November 7, 2025 5 min read

TL;DR

This article covers DNS over HTTPS (DoH) and DNS over TLS (DoT), two protocols designed to encrypt dns queries, enhancing user privacy and security. We'll explore how each protocol works, highlighting their differences in terms of implementation, performance, and network visibility. The article also helps you choose the right protocol for your specific needs, considering factors like security requirements and network environment, plus a look at how LoginHub can streamline authentication.

Understanding the Password Problem

Alright, so passwords, right? We all hate 'em, but we're stuck with 'em... or are we? It's kinda crazy how much we rely on these things that are, let's be honest, super flawed.

Here's the deal with why passwords are a pain:

  • They get phished all the time. Like, seriously, people fall for those emails pretending to be your bank.
  • Password reuse is rampant. We're all guilty of using the same password on multiple sites, it's just too easy.
  • Password management? A total nightmare. Who can remember a million different complex passwords? So, we end up using "password123", uh oh.
  • And of course, breached passwords? They wind up on the dark web which cybercriminals can use them to get into your accounts and steal your private data. This can lead to identity theft, financial loss, and even reputational damage. Fortunately, a new technology called passkeys is emerging to tackle these very issues.

But hey, there's gotta be a better way, right? Let's dive into passkeys, and how they're stepping up to solve these problems.

Introducing Passkeys: A Passwordless Solution

Okay, so you're probably thinking, "passwords are annoying, but what's the alternative?" Well, that's where passkeys comes in! It's like, instead of typing in some complicated thing you'll forget, your device is the key.

Here's the gist:

  • Passkeys are a safer way to log in. Think of it like a digital handshake between your device and the website, instead of shouting your secret password across the internet.
  • They use fancy cryptographic key pairs. Basically, your device has a private key and the website stores a public key. They work together to verify it's really you.
  • It's tied to your specific device, like your phone or laptop. So even if someone did somehow get a hold of your info, they'd need your actual device to log in.
  • Plus, passkeys are phishing-resistant by design. This is because the authentication occurs directly between your device and the legitimate website, meaning the passkey itself is never transmitted in a way that a phishing site could intercept and reuse.

Ready to dive deeper? Next up, we'll explore exactly how passkeys work...

How Passkeys Work: A Technical Deep Dive

Ever wondered what actually happens when you ditch your password for a passkey? It's not magic, but it's pretty darn clever. Let's break down the nerdy details, shall we?

So, first things first: you gotta register your device with the website or app. It goes something like this:

  • You kick things off by choosing to create a passkey. Simple enough, right?
  • Then, your device does its thing and generates a cryptographic key pair. Think of it as a secret handshake –one key stays with you (private), and one gets shared (public).
  • That public key heads over to the service and gets stored. They'll use it to verify it's really you later.
  • To keep your private key safe, you'll need to prove it's you with something like your fingerprint, face, or that trusty PIN.

Okay, you're all signed up. Now how do you actually log in without a password?

  • You try to log in to the site or app, like normal.
  • The service says, "Hey, prove it's you!" using that public key they stored earlier.
  • Your device whips out your private key and creates a fancy digital signature.
  • The service uses its stored public key to verify that the signature was indeed created by the corresponding private key on your device, confirming your identity. If it matches, boom – you're in! This successful verification is what we mean by 'Authentication Confirmation'.

It's a bit more complicated under the hood, but that's the gist. Next, we'll discuss the benefits of passkeys.

Benefits of Using Passkeys

Passkeys? They're not just tech hype, they actually make things easier. Who'd a thunk it?

  • No more password resets, as you're no longer relying on memorized passwords that can be forgotten.
  • Login is faster using your fingerprint or face. It's way easier than typing some crazy password. like who even remembers those anymore?
  • It works across your devices. This is typically achieved through secure cloud synchronization tied to your account or operating system, ensuring your passkeys are available on all your registered devices. So, you're not stuck using just your phone or laptop.

Up next, let's see how passkeys stacks up to other methods.

Passkeys in Software Development

So, you're thinking about using passkeys in your apps? Good choice! It's where things are headed, and honestly, it's not as scary as it sounds.

  • Start with the Web Authentication api (WebAuthn). It's your friend. It lets you hook into the browser's built-in passkey support. Think of it as the translator between your app and the user's device.
  • Leverage fido alliance standards. This is important for making sure your passkeys work across different platforms and devices. You don't want to lock users in, right?
  • Securely store and retrieve passkeys. Treat them like gold, because, well, they are. Consider using encrypted databases, adhering to best practices for key management, and exploring specialized identity providers.
  • Don't ditch passwords completely just yet. Offer passkeys as an option alongside existing methods for a smooth transition.

It's all about making it as seamless as possible for the user.

J
Jordan Blake

Senior Content Strategist

 

Jordan Blake is a seasoned content strategist with over a decade of experience helping brands craft compelling and optimized digital narratives. Known for translating complex topics into digestible content, Jordan is passionate about SEO-driven storytelling.

Related Articles

The Future of Distributed Social Networking Technologies
distributed social networks

The Future of Distributed Social Networking Technologies

Explore the future of social networking with distributed technologies. Learn about blockchain, federated servers, and AI-powered login solutions for enhanced privacy and control.

By Marcus Lee November 28, 2025 12 min read
Read full article
Understanding Centralized Authentication Protocols
centralized authentication

Understanding Centralized Authentication Protocols

Explore centralized authentication protocols like LDAP, Kerberos, OAuth, and SAML. Learn how they enhance security, simplify user management, and improve user experience.

By Jordan Blake November 26, 2025 11 min read
Read full article
Improving Privacy with DNS over TLS
DNS over TLS

Improving Privacy with DNS over TLS

Learn how DNS over TLS (DoT) improves online privacy and security. Discover its implementation, benefits, and integration with authentication solutions.

By Marcus Lee November 24, 2025 9 min read
Read full article
What is DNSSEC and Its Functionality?
DNSSEC

What is DNSSEC and Its Functionality?

Learn about DNSSEC, its functionality, and how it enhances security for domain name resolution. Discover how it integrates with authentication solutions and protects against DNS attacks.

By Marcus Lee November 21, 2025 7 min read
Read full article