Passkey
From MgmtWiki
Full Title or Meme
As the name Passkey suggests, it requires dual verification of an account before someone can sign-in to that account.
Context
With Passkeys there’s a subtle difference to FIDO 2.0 as it surrounds a multi-device Fast Identity Authentication with another protocol. Passkey uses a notification, which is generally sent to an individual’s smartphone during a log-in process and lets them authenticate their credentials. Often, this is done using a PIN or biometric process and thereby removes the need for conventional letter and number combination passwords.[1]
Features
- Passkeys can be synced between devices where enabled by the device. This feature can be blocked by using device-bound Passkeys.
- The user must unlock the passkey on the device before it is used. Typically a Biometric Factor or pin is used.
Problems
- I Stopped Using Passwords. It’s Great—and a Total Mess Wired 2024-02
Acceptance
- Passkeys support by both Apple and Google. See the website for details.
- By the end of 2023 it looks like more people are using passkeys than expected.[2]
1Password experienced a particular spike in October 2023, correlating with big companies like Amazon and WhatsApp rolling out their support for passkeys during this month, with over 70,000 created between October 16-22 alone.
References
- ↑ FIDO Passkeys - Accelerating the Availability of Simpler, Stronger Passwordless Sign-Ins https://fidoalliance.org/passkeys/
- ↑ Lewis Maddison, Looks like more people are using passkeys than expected 1Password sees passkeys exceed 700k (2023-12-21) https://www.techradar.com/pro/security/looks-like-more-people-are-using-passkeys-than-expected
