Passkeys - Your Gateway to Seamless Security

  1. How Passkey works for dummies
    1. Creating an account on website
    2. Create first passkey
    3. Login
    4. Setting up second passkey for your account
    5. What if my mobile device is lost
  2. Where can I use passkey

In the digital world, passwords are like the keys to your personal treasure chest, but let’s face it, they’re more like a bunch of sticky notes you can’t find when you need them but someone else somehow can. Can we eliminate passwords to some degree? Yes, with Passkeys.

A passkey is a type of authentication method used to secure access to various online services and accounts. It is a unique key pair, consisting of a public key and a private key, that is generated specifically for an individual user.

… in short, use your phone or a fingerprint device with biometrics to authenticate your login.

Before adopting Passkeys, you can try them out at https://www.passkeys.io/ . Remember to read the instructions at https://www.passkeys.io/#How-to-use-a-passkey . You can create passkeys on multiple devices for the same account.

How Passkey works for dummies

The demo below runs on Windows with a fingerprint sensor and Windows Hello. You can have the same experience on mobile.

Creating an account on website

Like many applications, you need to create an account first. Most websites would ask you to set up a password to keep you comfortable.

Create an account with any email you like.

Registration is skipped as this is just a demo.

Create first passkey

Once you click the create button, the website asks your browser to set up a passkey.

Your browser directs the request to a module that has passkey capability, Bitwarden in this case.

Authenticate with biometrics.

The module creates a public/private key pair. The private key stays in the module. Only the public key is sent back to the browser and the website.

That's it! The website associates your account with your passkey. You can log out/sign out.

Login

Logging in is very similar to creating an account. Sign in with a passkey. You don't need to provide your email address.

The process is the same.

You may notice that you can use more than one device to log in.

Setting up second passkey for your account

Let’s try “Use another device”

“iPhone, iPad, or Android device”

Scan the QR code with your device.

Your device tells the website that the QR code is scanned from your account.

After authentication, your device generates its own public/private key pair and then sends the public key to the website.

You can now use the second passkey to log in!
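
The registration and login steps walked through above, modeled in Node.js as an added example (not code from passkeys.io, Bitwarden, or any browser). The class names `Authenticator` and `Website`, the site name `example.test`, and the signed-data layout are assumptions chosen for illustration; real WebAuthn signs a richer structure, and `Website` here models a single account.

```javascript
// Simplified model of passkey registration and login; not the real WebAuthn wire format.
const crypto = require("node:crypto");

// What gets signed: hash of the site identity plus the site's one-time challenge.
function signedData(rpId, challenge) {
  const rpIdHash = crypto.createHash("sha256").update(rpId).digest();
  return Buffer.concat([rpIdHash, challenge]);
}

// The module that holds passkeys (password manager, phone, Windows Hello).
class Authenticator {
  constructor() { this.keys = new Map(); } // site identity -> private key
  register(rpId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    this.keys.set(rpId, privateKey); // private key never leaves this object
    return publicKey; // only the public key goes to the website
  }
  // rpId comes from the browser (the site actually being visited), not from the page.
  sign(rpId, challenge) {
    const key = this.keys.get(rpId);
    return key ? crypto.sign("sha256", signedData(rpId, challenge), key) : null;
  }
}

class Website {
  constructor(rpId) { this.rpId = rpId; this.publicKeys = []; this.pending = new Set(); }
  addPasskey(publicKey) { this.publicKeys.push(publicKey); }
  newChallenge() {
    const challenge = crypto.randomBytes(32);
    this.pending.add(challenge.toString("hex"));
    return challenge;
  }
  verifyLogin(challenge, signature) {
    // Each challenge is accepted once, so a captured signature cannot be replayed.
    if (!signature || !this.pending.delete(challenge.toString("hex"))) return false;
    const data = signedData(this.rpId, challenge);
    return this.publicKeys.some((pk) => crypto.verify("sha256", data, pk, signature));
  }
}

// Constructed demo: one account, two passkeys, as in the walkthrough above.
const site = new Website("example.test");
const laptop = new Authenticator(), phone = new Authenticator();
site.addPasskey(laptop.register("example.test"));
site.addPasskey(phone.register("example.test"));
for (const device of [laptop, phone]) {
  const c = site.newChallenge();
  console.log(site.verifyLogin(c, device.sign("example.test", c))); // true for both
}
```

Because the signature covers the site identity supplied by the browser, a signature produced while visiting a look-alike site does not verify at the real one, and a reused challenge is rejected.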

What if my mobile device is lost

Remember to set up a recovery method for your account! A second passkey can serve as a recovery method, but please pick one that is reliable for you. Otherwise you will end up like below.

Where can I use passkey

The following list will assist you in identifying services that are compatible with passkey adoption.

Services/OS that support Passkey:

  • Bitwarden
  • Windows (Windows Hello)
  • iOS
  • Android

Websites/Apps that support Passkey:

Websites that do not yet support Passkey but support Multi-Factor Authentication (MFA):

You are encouraged to adopt Passkeys for enhanced security, as they are not susceptible to traditional phishing attacks and do not require memorization of complex passwords.

With the support of industry giants and the convenience they offer, Passkeys are set to become the new standard in digital security.
