Comparing DNS over HTTPS and DNS over TLS

DNS over HTTPS DNS over TLS
J
Jordan Blake

Senior Content Strategist

 
November 7, 2025 5 min read

TL;DR

This article covers DNS over HTTPS (DoH) and DNS over TLS (DoT), two protocols designed to encrypt dns queries, enhancing user privacy and security. We'll explore how each protocol works, highlighting their differences in terms of implementation, performance, and network visibility. The article also helps you choose the right protocol for your specific needs, considering factors like security requirements and network environment, plus a look at how LoginHub can streamline authentication.

Understanding the Password Problem

Alright, so passwords, right? We all hate 'em, but we're stuck with 'em... or are we? It's kinda crazy how much we rely on these things that are, let's be honest, super flawed.

Here's the deal with why passwords are a pain:

  • They get phished all the time. Like, seriously, people fall for those emails pretending to be your bank.
  • Password reuse is rampant. We're all guilty of using the same password on multiple sites, it's just too easy.
  • Password management? A total nightmare. Who can remember a million different complex passwords? So, we end up using "password123", uh oh.
  • And of course, breached passwords? They wind up on the dark web which cybercriminals can use them to get into your accounts and steal your private data. This can lead to identity theft, financial loss, and even reputational damage. Fortunately, a new technology called passkeys is emerging to tackle these very issues.

But hey, there's gotta be a better way, right? Let's dive into passkeys, and how they're stepping up to solve these problems.

Introducing Passkeys: A Passwordless Solution

Okay, so you're probably thinking, "passwords are annoying, but what's the alternative?" Well, that's where passkeys comes in! It's like, instead of typing in some complicated thing you'll forget, your device is the key.

Here's the gist:

  • Passkeys are a safer way to log in. Think of it like a digital handshake between your device and the website, instead of shouting your secret password across the internet.
  • They use fancy cryptographic key pairs. Basically, your device has a private key and the website stores a public key. They work together to verify it's really you.
  • It's tied to your specific device, like your phone or laptop. So even if someone did somehow get a hold of your info, they'd need your actual device to log in.
  • Plus, passkeys are phishing-resistant by design. This is because the authentication occurs directly between your device and the legitimate website, meaning the passkey itself is never transmitted in a way that a phishing site could intercept and reuse.

Ready to dive deeper? Next up, we'll explore exactly how passkeys work...

How Passkeys Work: A Technical Deep Dive

Ever wondered what actually happens when you ditch your password for a passkey? It's not magic, but it's pretty darn clever. Let's break down the nerdy details, shall we?

So, first things first: you gotta register your device with the website or app. It goes something like this:

  • You kick things off by choosing to create a passkey. Simple enough, right?
  • Then, your device does its thing and generates a cryptographic key pair. Think of it as a secret handshake –one key stays with you (private), and one gets shared (public).
  • That public key heads over to the service and gets stored. They'll use it to verify it's really you later.
  • To keep your private key safe, you'll need to prove it's you with something like your fingerprint, face, or that trusty PIN.

Okay, you're all signed up. Now how do you actually log in without a password?

  • You try to log in to the site or app, like normal.
  • The service says, "Hey, prove it's you!" using that public key they stored earlier.
  • Your device whips out your private key and creates a fancy digital signature.
  • The service uses its stored public key to verify that the signature was indeed created by the corresponding private key on your device, confirming your identity. If it matches, boom – you're in! This successful verification is what we mean by 'Authentication Confirmation'.

It's a bit more complicated under the hood, but that's the gist. Next, we'll discuss the benefits of passkeys.

Benefits of Using Passkeys

Passkeys? They're not just tech hype, they actually make things easier. Who'd a thunk it?

  • No more password resets, as you're no longer relying on memorized passwords that can be forgotten.
  • Login is faster using your fingerprint or face. It's way easier than typing some crazy password. like who even remembers those anymore?
  • It works across your devices. This is typically achieved through secure cloud synchronization tied to your account or operating system, ensuring your passkeys are available on all your registered devices. So, you're not stuck using just your phone or laptop.

Up next, let's see how passkeys stacks up to other methods.

Passkeys in Software Development

So, you're thinking about using passkeys in your apps? Good choice! It's where things are headed, and honestly, it's not as scary as it sounds.

  • Start with the Web Authentication api (WebAuthn). It's your friend. It lets you hook into the browser's built-in passkey support. Think of it as the translator between your app and the user's device.
  • Leverage fido alliance standards. This is important for making sure your passkeys work across different platforms and devices. You don't want to lock users in, right?
  • Securely store and retrieve passkeys. Treat them like gold, because, well, they are. Consider using encrypted databases, adhering to best practices for key management, and exploring specialized identity providers.
  • Don't ditch passwords completely just yet. Offer passkeys as an option alongside existing methods for a smooth transition.

It's all about making it as seamless as possible for the user.

J
Jordan Blake

Senior Content Strategist

 

Jordan Blake is a seasoned content strategist with over a decade of experience helping brands craft compelling and optimized digital narratives. Known for translating complex topics into digestible content, Jordan is passionate about SEO-driven storytelling.

Related Articles

Exploring Lightweight Directory Access Protocol (LDAP) for Centralized Authentication
LDAP

Exploring Lightweight Directory Access Protocol (LDAP) for Centralized Authentication

Learn how LDAP works for centralized authentication. Explore its architecture, security best practices, and how it integrates with modern developer tools.

By Jordan Blake January 14, 2026 5 min read
Read full article
Understanding DNS Over HTTPS (RFC 8484): Pros, Cons, and Benefits
DNS Over HTTPS

Understanding DNS Over HTTPS (RFC 8484): Pros, Cons, and Benefits

Deep dive into RFC 8484 (DoH). Learn the pros, cons, and benefits of DNS over HTTPS for user security, authentication, and login management in the AI era.

By Marcus Lee January 12, 2026 6 min read
Read full article
What does Centralized Authentication entail?
centralized authentication

What does Centralized Authentication entail?

Learn what centralized authentication entails for modern apps. Explore SSO, ldap, oauth protocols and how to centralize login management for better security.

By Marcus Lee January 9, 2026 4 min read
Read full article
Exploring the Centralization of DNS
dns centralization

Exploring the Centralization of DNS

A deep dive into DNS centralization and its impact on authentication security, social login integration, and centralized login management for developers.

By Jordan Blake January 7, 2026 7 min read
Read full article