Unpacking the tech: how passwordless key-based authentication works