Passkeys

[Image: a passkey login replacing a password, approved with a fingerprint]

Passkeys are the current generation of user authentication, designed to replace passwords. Passwords are routinely compromised when a site's credential database is breached, when the user chooses a weak or reused password, or when the user is tricked into typing it into a fake site.

What are passkeys?

FIDO (Fast IDentity Online) authentication, as standardised in FIDO2 and the W3C WebAuthn browser API, lets users sign in with phishing-resistant credentials called passkeys.

A passkey can be either synced across a user's devices (through a platform account or password manager) or device-bound, held only on one platform authenticator or on a hardware security key.

Passkeys are considerably more secure than passwords and text-message one-time passcodes (OTP), both of which can be phished or intercepted, and they are also simpler to use.

Passkeys are intuitive

Creating a passkey is a matter of accepting the site's prompt and completing the device's usual unlock step (fingerprint, face or PIN); the passkey is then stored by the device's authenticator or password manager. Signing in later repeats the same unlock step; there is nothing to type or remember.

Passkeys are per-service and unique

A separate key pair is generated for each service (and each account) the user registers with, so no two services share a credential. A compromise at one service therefore reveals nothing that works at another, and services cannot correlate a user's passkeys with each other.

Passkeys are breach resistant

Passkeys are built on public-key cryptography rather than on a shared secret. When a passkey is created, the device generates a key pair: the private key stays on the user's device and is never transmitted, while only the public key is sent to and stored by the server. Signing in is a challenge-response exchange: the server sends a random challenge, the device signs it with the private key, and the server checks the signature against the stored public key. A breach of the server's database therefore exposes only public keys, which cannot be used to sign in.

Services that sync passkeys between a user's devices never have the ability to view or use the private keys: the key material is encrypted end to end, so the sync service stores only ciphertext it cannot decrypt.

Passkeys are phishing-resistant

With a password, a copycat site can simply collect whatever the user types. A passkey is instead bound to the domain (the relying party ID) of the site it was created for, and the browser or operating system, not the web page, decides which domain a sign-in request belongs to. A look-alike site at a different domain therefore cannot see or use the passkey: the user's device has no credential for that domain, so there is nothing to present and nothing to steal. The server additionally checks that the signed response names its own origin and domain, so a response relayed from another site is rejected even if it reaches the server.

What methods work with Passkeys?

FIDO2 supports several ways for the user to unlock a passkey, including face and fingerprint recognition as well as a device PIN. The check is performed locally on the device; biometric data is never sent to the site.

Apple offers these through Touch ID and Face ID, with passkey support arriving in iOS 16 and macOS Ventura. Microsoft provides them through Windows Hello, and Android has offered both face and fingerprint unlock through its system biometric prompt since Android 9.

There are also hardware security keys, such as the YubiKey, small enough to carry on a keyring, which hold the passkey on the key itself and connect over USB, NFC or Bluetooth to authenticate the user.

Enterprise users have long logged into their computers with smart cards, combined with a PIN or password, and FIDO2 security keys fill the same role; some devices, the YubiKey among them, combine a smart card (PIV) function and FIDO2 on one key.
