Passkey

From MgmtWiki
Revision as of 21:56, 6 January 2024 by Tom (talk | contribs) (Features)

Jump to: navigation, search

Full Title or Meme

As the name Passkey suggests, it requires dual verification of an account before someone can sign-in to that account.

Context

With Passkeys there’s a subtle difference to FIDO 2.0 as it surrounds a multi-device Fast Identity Authentication with another protocol. Passkey uses a notification, which is generally sent to an individual’s smartphone during a log-in process and lets them authenticate their credentials. Often, this is done using a PIN or biometric process and thereby removes the need for conventional letter and number combination passwords.[1]

Features

  • Passkeys can be synced between devices where enabled by the device. This feature can be blocked by using device-bound Passkeys.
  • The user must unlock the passkey on the device before it is used. Typically a Biometric Factor or pin is used.

Acceptance

By the end of 2023 it looks like more people are using passkeys than expected.[2]
1Password experienced a particular spike in October 2023, correlating with big companies like Amazon and WhatsApp rolling out their support for passkeys during this month, with over 70,000 created between October 16-22 alone.

References

  1. FIDO Passkeys - Accelerating the Availability of Simpler, Stronger Passwordless Sign-Ins https://fidoalliance.org/passkeys/
  2. Lewis Maddison, Looks like more people are using passkeys than expected 1Password sees passkeys exceed 700k (2023-12-21) https://www.techradar.com/pro/security/looks-like-more-people-are-using-passkeys-than-expected