Passkey authentication
According to Passkey Central, a passkey is a FIDO authentication credential based on FIDO standards. It allows a user to sign in to apps and websites with the same steps they use to unlock their device (biometrics, PIN, or pattern). With passkeys, users no longer need to enter usernames and passwords, or additional factors. Passkeys offer a host of benefits:
- User-friendly: No more forgetting passwords or dealing with complex password rules.
- Secure: Passkeys provide strong protection against phishing attacks and other security threats.
- Convenient: Use your passkey across all your devices, whether it’s a phone, tablet, or computer.
With passkeys, logging in becomes a seamless and secure experience, freeing you from the frustrations of traditional passwords.
Generally speaking, there are two types of passkeys:
Synced passkey: Passkeys are synced between a user's various devices. They are stored securely with a password or credential manager such as Apple Passwords Manager, Google Password Manager, 1Password, or BitWarden. Users can access synced passkeys across many of their devices, even new ones, without having to re-enroll every device on every account.
Device-bound passkey: These passkeys are bound to and used only on a single device (a security key). They are FIDO authentication credentials that cannot leave the issued device. These passkeys are bound to a FIDO security key or platform and cannot be synced across devices. A physical security key or device can store multiple single-device passkeys.
The above information is sourced from this link. Visit it for more details on passkey types. For an explanation of how passkeys work, see this resource.
Using passkeys in Safewhere Identify
The following demonstrations explain how to use passkeys with Safewhere Identify in different setups.
We will demonstrate how users can log in to IdentifyMe using a passkey. We use IdentifyMe as the sample application because it allows you to reset your registered WebAuthn authenticators, in case you want to test the registration flow again.
For using synced passkeys in Safewhere Identify, refer to this link.
For using device-bound passkeys in Safewhere Identify, refer to this link.