Passkeys authentication

Passkey authentication is a cutting-edge method that leverages biometrics like Touch ID, Face ID, and security keys. It relies on the authentication capabilities present on users' devices, enhancing security while simplifying the login process. By harnessing your device's built-in security features, you can ensure the safety of your data and enjoy a more manageable alternative to passwords and conventional two-factor authentication methods.

This innovative concept emerged from the collaborative efforts of tech giants Apple, Google, and Microsoft. These industry leaders embraced passkeys as a means to elevate authentication standards, incorporating widely accepted protocols such as FIDO and WebAuthN.

Key advantages of passkey authentication:

• Efficiency: Biometrics streamline the login process, offering swift and uncomplicated access.
  Enhanced Security: Passkeys are often tied to specific devices or users, adding an extra layer of protection against unauthorized access and data breaches.
• User-Friendly: Passkeys eliminate the need for remembering intricate passwords or retrieving one-time codes from emails or phones, providing a hassle-free experience.
• Cross-Device Convenience: Passkeys empower users to access their sign-in credentials across multiple devices, including new ones, without the need for re-enrollment.

Incorporating passkey authentication into your system not only improves security but also enhances the overall user experience. With its speed, reliability, and user-centric design, passkeys redefine modern authentication methods.

Enable login with passkeys

Add passkeys to your sign-in page

1. Go to the builder
2. Go to the login box tab
3. Enable the Passkeys toggle

This is how your sign-in page would look with the Sign in with passkey button:

Passkey management for end users is available via self-service Privacy & Security page. Make sure to enabled it and publish.

Passkeys setup on sign-in

Once passkeys are enabled on the environment, users will be prompted to setup passkeys on next login.

After setting up their passkey on the device, on next login, once clicking on Login with passkeys, the user will be prompted for their fingerprint, face ID or other passkey that they've set up.

Login with passkey full flow

Manage and delete a passkey

Only one passkey is allowed per user and device. In order to switch to another passkey, the user will need to delete the existing one from the self-service → Privacy & Secuirty tab. Make sure self-service is integrated and this section is enabled for end users.

Passkeys restrictions

• MFA - Multi factor authentication is used to ensure second authentication method that is different from the main authentication. Our MFA methods include Authenticator apps, built in authenticators, SMS, and security key. In order to avoid a double use of WebAuthN authentication, we enforce different authentication methods.

• On the builder - You won't be able to add passkeys if you don't add "SMS" / "Authenticator apps" as MFA options for your users. On the sign-in flow - If users authenticated with "built in authenticators" / "security key" as a MFA method, they won't be able to view the prompt passkeys page.

• On the self-service - If MFA is forced, users won't be able to set up Passkeys if they didn't set up SMS/Authenticator apps as MFA methods.

• SSO sign-in Users that logged in with SSO won’t be able to set up passkeys. SSO is considered a secured authentication and when enabled it means that a user must sign in with SSO.

  • On the sign-in flow - passkeys prompt page won't be visible
  • On the self-service - Passkeys section won't be visible.