Passwords Are Becoming a Thing of The Past
Forget about passwords. Literally. The FIDO Alliance, an open industry group founded in 2013, aims to "solve the world's password problem" by creating safe, universal, password-less authentication standards based on public key cryptography.
The appeal of passkeys is easy to see. Managing passwords takes users and IT teams a lot of time, and passwords are difficult to remember and easily stolen or phished. In contrast, password-less authentication eliminates the most common phishable element, the password, and is more convenient for users. Password-less approaches are currently based on public key cryptography, which is considerably harder to crack than traditional passwords.
What is a Passkey?
A passkey is a FIDO-based credential that can be used to gain access to a digital account, such as your email or digital banking app. Only one passkey or private key may be used for a single account, and in order to access your account, you must demonstrate your ownership of the passkey using a user verification technique similar to the PIN or biometrics used to unlock your phone.
Passkeys can be stored in two different ways:
- Platform synchronized passkeys (synced passkeys) are stored in a cloud, and are accessible from many client devices. Users no longer need to re-enroll each device in order to access the same account across numerous devices.
- Device-bound passkeys, such as those on a smart card or security key, link a particular sign-in credential to a particular device. This implies that, for users to access their accounts, the device containing the passkey must always be connected to a computer or phone. Enrolling several keys as a backup is standard procedure when employing device-bound passkeys.

FIDO & How Passkeys Move Us Farther From Passwords
To understand how passkeys power password-less authentication, let’s review how FIDO works:
- Users register a device, such as a computer or a mobile phone that supports device-bound or synchronized passkeys, with a service or application that is compatible with FIDO.
- A cryptographic key pair—a passkey and a public key—is generated by the registered user device. Every service or application has its own passkey; the public key is shared with the service, while the private key is kept on the device.
- The next time users access the service, they unlock their device, and a cryptographic protocol runs in the background to prove they still own the passkey.
- If or when it is necessary to sign up for a new FIDO-compatible service or application, the process can be repeated using the same smartphone, security key, or smart card.
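The steps above can be modeled in a few lines. This is an added example, not code from the FIDO specifications or from this page: it is a simplified model rather than the WebAuthn wire format, the class and method names are hypothetical, and `bank.example` is a constructed sample service. It goes slightly beyond the list by also showing why a reused signature, or a challenge relayed through a look-alike site, fails verification.

```javascript
// Simplified model of FIDO registration and sign-in (illustration only).
const crypto = require('node:crypto');

class Authenticator {                        // stands in for the phone or security key
  constructor() { this.keys = new Map(); }   // service id -> private key, never exported
  register(serviceId) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.keys.set(serviceId, privateKey);    // one key pair per service
    return publicKey;                        // only the public half is shared
  }
  sign(serviceId, challenge) {
    const key = this.keys.get(serviceId);
    if (!key) return null;                   // no passkey exists for this service id
    // The service id is signed together with the challenge.
    return crypto.sign('sha256', Buffer.concat([Buffer.from(serviceId), challenge]), key);
  }
}

class Service {
  constructor(id) { this.id = id; this.publicKeys = new Map(); this.pending = new Map(); }
  enroll(user, publicKey) { this.publicKeys.set(user, publicKey); }
  newChallenge(user) {
    const c = crypto.randomBytes(32);        // fresh random value for each sign-in
    this.pending.set(user, c);
    return c;
  }
  verify(user, signature) {
    const c = this.pending.get(user);
    this.pending.delete(user);               // challenges are single use, which blocks replay
    const pub = this.publicKeys.get(user);
    if (!c || !pub || !signature) return false;
    return crypto.verify('sha256', Buffer.concat([Buffer.from(this.id), c]), pub, signature);
  }
}

function demo() {
  const device = new Authenticator();
  const bank = new Service('bank.example');            // constructed sample service
  bank.enroll('alice', device.register(bank.id));      // registration
  const sig = device.sign(bank.id, bank.newChallenge('alice'));
  const ok = bank.verify('alice', sig);                // valid sign-in
  const replay = bank.verify('alice', sig);            // same signature presented again
  // Challenge shown to the device under a look-alike name: no key matches it.
  const relayed = device.sign('bank-login.example', bank.newChallenge('alice'));
  return { ok, replay, phished: bank.verify('alice', relayed) };
}
console.log(demo());
```

The service only ever holds the public key, so its user table contains nothing that can be used to sign in elsewhere.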
Passkeys, Passkeys, Passkeys
FIDO enrollment and password-less logons are made simpler and more scalable by passkeys, a kind of private key that is discoverable by browsers and can be kept in native apps or devices, such as security keys or cards. Passkeys cannot be compromised by a network breach since they are kept on user devices rather than company servers. Requiring users to verify their ownership of the device using a PIN or biometric can further increase security by lowering the possibility of theft or loss.
Have questions about passkeys, PKI, or other identity technologies? We can help. Contact our team at (858) 622-2004 to discuss, or view any of the following resources we have created to learn more about FIDO and Passkeys:
- FIDO & PKI: A Password-Free Future (Blog: linked here)
- So, What's a Passkey? (Blog: linked here)
- What is FIDO? (Educational Resource Page: linked here)
- Our FIDO Line (Products: linked here)