Difference between revisions of "Passkey"

From MgmtWiki
Jump to: navigation, search
(Features)
(Problems)
Line 12: Line 12:
 
==Problems==
 
==Problems==
 
* [https://www.wired.com/story/stopped-using-passwords-passkeys/ I Stopped Using Passwords. It’s Great—and a Total Mess] Wired 2024-02
 
* [https://www.wired.com/story/stopped-using-passwords-passkeys/ I Stopped Using Passwords. It’s Great—and a Total Mess] Wired 2024-02
 +
+ The credentials created by a web connected user on a browser are completely useless when the underlying protocol insistes on some complex format like SD-JWT.
  
 
==Acceptance==
 
==Acceptance==

Revision as of 11:38, 16 February 2024

Full Title or Meme

As the name Passkey suggests, it requires dual verification of an account before someone can sign-in to that account.

Context

With Passkeys there’s a subtle difference to FIDO 2.0 as it surrounds a multi-device Fast Identity Authentication with another protocol. Passkey uses a notification, which is generally sent to an individual’s smartphone during a log-in process and lets them authenticate their credentials. Often, this is done using a PIN or biometric process and thereby removes the need for conventional letter and number combination passwords.[1]

Features

  • Passkeys can be synced between devices where enabled by the device. This feature can be blocked by using device-bound Passkeys.
  • The user must unlock the passkey on the device before it is used. Typically a Biometric Factor or pin is used.

Problems

+ The credentials created by a web connected user on a browser are completely useless when the underlying protocol insistes on some complex format like SD-JWT.

Acceptance

  • Passkeys support by both Apple and Google. See the website for details.
  • By the end of 2023 it looks like more people are using passkeys than expected.[2]
    1Password experienced a particular spike in October 2023, correlating with big companies like Amazon and WhatsApp rolling out their support for passkeys during this month, with over 70,000 created between October 16-22 alone.

References

  1. FIDO Passkeys - Accelerating the Availability of Simpler, Stronger Passwordless Sign-Ins https://fidoalliance.org/passkeys/
  2. Lewis Maddison, Looks like more people are using passkeys than expected 1Password sees passkeys exceed 700k (2023-12-21) https://www.techradar.com/pro/security/looks-like-more-people-are-using-passkeys-than-expected