
In the digital world, passwords are like the keys to your personal treasure chest, but let’s face it, they’re more like a bunch of sticky notes you can’t find when you need them but someone else somehow can. Can we eliminate passwords to some degree? Yes, with Passkeys.
A passkey is a type of authentication method used to secure access to various online services and accounts. It is a unique key pair, consisting of a public key and a private key, that is generated specifically for an individual user
… in short, use your phone or fingerprint device with biometrics to authenticate your login.
Before adopting Passkeys you can try them out at https://www.passkeys.io/. Remember to read the instructions at https://www.passkeys.io/#How-to-use-a-passkey. You can create a passkey on multiple devices for the same account.
How Passkey works for dummies
The demo below runs on a Windows machine with a fingerprint sensor and Windows Hello. You can have the same experience on mobile.
Creating an account on website
Like many applications, you need to create an account first. Most websites will ask you to set up a password to keep you comfortable.
Create an account with any email you like.
<img src=/_post_images/2023/12/passkeys-your-gateway-to-seamless-security/create1.png class="border">
Registration is skipped as this is just a demo.
<img src=/_post_images/2023/12/passkeys-your-gateway-to-seamless-security/create2.png class="border">
Create first passkey
Once you click the create button, the website asks your browser to set up a passkey.
<img src=/_post_images/2023/12/passkeys-your-gateway-to-seamless-security/create3.png class="border">
Your browser directs your request to a module which has passkey capability. Bitwarden in this case.
<img src=/_post_images/2023/12/passkeys-your-gateway-to-seamless-security/create4.png class="border">
Authenticate with biometrics.
<img src=/_post_images/2023/12/passkeys-your-gateway-to-seamless-security/create5.png class="border">
The module creates a public/private key pair. The private key stays in the module. Only the public key is sent back to the browser and the website.
<img src=/_post_images/2023/12/passkeys-your-gateway-to-seamless-security/create6.png class="border">
That’s it! The website associates your account with your passkey. You can log out/sign out.
<img src=/_post_images/2023/12/passkeys-your-gateway-to-seamless-security/create8.png class="border">
Login
Login is very similar to creating an account. Sign in with a passkey. You don’t need to provide your email address.
<img src=/_post_images/2023/12/passkeys-your-gateway-to-seamless-security/login1.png class="border">
The process is the same.
<img src=/_post_images/2023/12/passkeys-your-gateway-to-seamless-security/login2.png class="border">
You may notice that you can use more than one device to log in.
<img src=/_post_images/2023/12/passkeys-your-gateway-to-seamless-security/create9.png class="border">
Setting up a second passkey for your account
Let’s try “Use another device”
<img src=/_post_images/2023/12/passkeys-your-gateway-to-seamless-security/create10.png class="border">
“iPhone, iPad, or Android device”
<img src=/_post_images/2023/12/passkeys-your-gateway-to-seamless-security/create11.png class="border">
Scan the QR code with your device.
<img src=/_post_images/2023/12/passkeys-your-gateway-to-seamless-security/create12.png class="border">
Your device tells the website that the QR code is scanned from your account.
<img src=/_post_images/2023/12/passkeys-your-gateway-to-seamless-security/create13.png class="border">
After authentication, your device generates its own public/private key pair, and then sends the public key to the website.
<img src=/_post_images/2023/12/passkeys-your-gateway-to-seamless-security/create14.png class="border">
You can now use the second passkey to log in!
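The registration, login and second-passkey steps above can be modelled in a few lines of Node.js. This is an added example, not code from passkeys.io or any vendor: the `Authenticator` and `Website` classes and the `shop.example` site are hypothetical, and the signed message is simplified to a JSON string (real WebAuthn signs authenticator data plus a hash of the client data).

```javascript
const crypto = require('node:crypto');
// Authenticator (Bitwarden, Windows Hello, a phone): private keys never leave it.
class Authenticator {
  constructor() { this.keys = new Map(); } // site hostname -> { credentialId, privateKey }
  register(rpId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    const credentialId = crypto.randomBytes(16).toString('hex');
    this.keys.set(rpId, { credentialId, privateKey });
    return { credentialId, publicKey }; // only the public half goes to the website
  }
  // `origin` is supplied by the browser from the address bar, not by the page.
  sign(origin, challenge) {
    const entry = this.keys.get(new URL(origin).hostname);
    if (!entry) return null; // no passkey is scoped to this site
    const clientData = JSON.stringify({ origin, challenge });
    const signature = crypto.sign('sha256', Buffer.from(clientData), entry.privateKey);
    return { credentialId: entry.credentialId, clientData, signature };
  }
}

// Website (relying party): stores public keys only and issues one-time challenges.
class Website {
  constructor(origin) { this.origin = origin; this.credentials = new Map(); this.pending = new Set(); }
  addPasskey(account, { credentialId, publicKey }) { this.credentials.set(credentialId, { account, publicKey }); }
  newChallenge() {
    const challenge = crypto.randomBytes(32).toString('hex');
    this.pending.add(challenge);
    return challenge;
  }
  verify(assertion) {
    if (!assertion) return null;
    const cred = this.credentials.get(assertion.credentialId);
    const { origin, challenge } = JSON.parse(assertion.clientData);
    if (!cred || origin !== this.origin || !this.pending.delete(challenge)) return null;
    const ok = crypto.verify('sha256', Buffer.from(assertion.clientData), cred.publicKey, assertion.signature);
    return ok ? cred.account : null; // account is found via the credential ID, no email typed
  }
}

function demo() { // constructed sample site and devices
  const site = new Website('https://shop.example');
  const laptop = new Authenticator(), phone = new Authenticator();
  site.addPasskey('alice', laptop.register('shop.example'));
  site.addPasskey('alice', phone.register('shop.example')); // second passkey, its own key pair
  const first = laptop.sign(site.origin, site.newChallenge());
  return { laptop: site.verify(first), phone: site.verify(phone.sign(site.origin, site.newChallenge())),
    replayed: site.verify(first), lookalike: laptop.sign('https://shop-example.test', site.newChallenge()) };
}
console.log(demo());
```

Both devices log in as the same account, a replayed response is rejected because its challenge was already used, and a look-alike domain gets nothing to relay because no key is scoped to it.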

What if my mobile device is lost
Remember to set up a recovery method for your account! A second passkey can serve as a recovery method, but please pick one that is reliable for you. Otherwise you will end up like below.

Where can I use passkey
The following list will assist you in identifying services that are compatible with passkey adoption.
Services/OS that support Passkey:
- Bitwarden
- Windows (Windows Hello)
- iOS
- Android
Websites/Apps that support Passkey:
- Amazon
- Apple ID (iOS only)
- GitHub
- Google Account
- Internet Identity
- npmjs.com
- WhatsApp (Android & iOS)
- Yahoo
Websites that do not yet support Passkey but support Multi-Factor Authentication (MFA):
- Atlassian and its product family such as Bitbucket
- Docker
- GitLab
- terraform.io
- Wellfound.com
You are encouraged to adopt Passkeys for enhanced security, as they are not susceptible to traditional phishing attacks and do not require memorizing complex passwords.
With the support of industry giants and the convenience they offer, Passkeys are set to become the new standard in digital security.