
What is a Passkey and how to create one

All about Passkeys



Passkeys allow you to sign in safely and easily, without a password or a separate two-factor authentication step.

Passkeys enable secure sign-ins to Altrady without needing to enter your password. If you use two-factor authentication (2FA), passkeys fulfill both password and 2FA requirements, allowing you to sign in with a single step. You can also use passkeys for sudo mode and resetting your password.

Passkeys consist of pairs of cryptographic keys (a public key and a private key) that are stored by an authenticator you control. The authenticator can confirm that a user is present and authorized to use the passkey. Authenticators verify authorization with a PIN, passcode, biometric (such as a fingerprint or facial recognition), or device password, depending on their capabilities and configuration. Authenticators come in various forms, such as an iPhone or Android device, Windows Hello, a FIDO2 hardware security key, or a password manager.

When you sign in to Altrady.com using a passkey, your authenticator employs public key cryptography to verify your identity to Altrady without ever sending the passkey's private key. Passkeys are tied to a website domain, like Altrady.com, and require a secure connection, ensuring that the web browser will refuse to authenticate to a lookalike phishing website. These characteristics make passkeys highly resistant to phishing and much harder to compromise than SMS or TOTP 2FA, which can be phished.
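The sign-in check described above can be sketched in Node.js as a simulated authenticator plus the server-side verification of a WebAuthn-style assertion. This is an added example, not Altrady's code: the `RP_ID` and `ORIGIN` values, the function names and the `altrady.example` lookalike are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Assumed relying-party values; the article does not state Altrady's WebAuthn configuration.
const RP_ID = 'altrady.com';
const ORIGIN = 'https://altrady.com';
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Authenticator and browser side (simulated): the private key signs and is never sent.
function signAssertion(privateKey, challenge, origin, rpId, userPresent = true) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  // authenticatorData = SHA-256(rpId) || flags (bit 0 = user present) || 4-byte counter
  const flags = Buffer.from([userPresent ? 0x01 : 0x00]);
  const authData = Buffer.concat([sha256(rpId), flags, Buffer.alloc(4)]);
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: crypto.sign('sha256', signed, privateKey) };
}

// Server side: needs only the public key stored when the passkey was registered.
function verifyAssertion(publicKey, expectedChallenge, a) {
  const client = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'wrong type';
  if (client.challenge !== expectedChallenge.toString('base64url')) return 'challenge mismatch';
  if (client.origin !== ORIGIN) return 'origin mismatch';
  if (!a.authData.subarray(0, 32).equals(sha256(RP_ID))) return 'rpId hash mismatch';
  if ((a.authData[32] & 0x01) === 0) return 'user not present';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad signature';
}

// Constructed inputs: one genuine sign-in and four assertions the server must reject.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const challenge = crypto.randomBytes(32);
  const genuine = signAssertion(privateKey, challenge, ORIGIN, RP_ID);
  const otherSite = signAssertion(privateKey, challenge, 'https://altrady.example', 'altrady.example');
  const noUser = signAssertion(privateKey, challenge, ORIGIN, RP_ID, false);
  const tampered = { ...genuine, authData: Buffer.from(genuine.authData) };
  tampered.authData[36] ^= 0x01; // alter a counter byte after signing
  return {
    genuine: verifyAssertion(publicKey, challenge, genuine),
    otherSite: verifyAssertion(publicKey, challenge, otherSite),
    staleChallenge: verifyAssertion(publicKey, crypto.randomBytes(32), genuine),
    noUser: verifyAssertion(publicKey, challenge, noUser),
    tampered: verifyAssertion(publicKey, challenge, tampered),
  };
}

console.log(demo());
```

The server holds only the public key, so a breach of its database exposes nothing that can sign a fresh challenge. The origin and challenge checks are what make a response captured for another site or an earlier session useless.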

Cloud-backed passkey services enable passkeys to be synced across devices (such as Apple devices, Android devices, or password managers) so they can be accessed from more locations and are less likely to be lost. Once you have set up a synced passkey on one device, that passkey becomes available across multiple devices using the same service. For example, if you register a passkey with your iCloud account using your MacBook's Touch ID, you can then use that passkey with your face, fingerprint, PIN, or device password interchangeably across multiple devices associated with the same iCloud account.

Passkeys and Authenticators



Some authenticators enable the use of passkeys with nearby devices. For instance, if you need to log in to Altrady.com using a Bluetooth-enabled laptop that lacks a configured passkey, and you have registered a passkey on your phone, you can either scan a QR code or initiate a push notification to your phone to securely complete the sign-in process.

Other authenticators generate device-bound passkeys, meaning they can only be used on a single authenticator device. These passkeys cannot be backed up or transferred to another authenticator. Some passkey providers may offer device-bound passkeys as an option during passkey creation, while others may not provide a choice between device-bound and synchronized passkeys.

Authenticators can also be portable devices. Passkeys stored on FIDO2 hardware security keys are also "device-bound," but they offer the advantage of portability and can be connected to other devices via USB, NFC, or Bluetooth. On certain platform and web browser combinations, FIDO2 security keys may be the sole option for using passkeys.

To determine whether your device and operating system support passkeys, consult the Device support section in the Passkeys.dev documentation.

Updated on: 23/11/2024
