Passwordless Authentications

There's been a lot of talk lately about ditching passwords altogether for more secure login methods! 

I actually came across one called "Passkey authentication" while working on GitHub, and it sounded pretty cool, so I wanted to share it with you all.

Passkey is a brand new security standard that's being developed to replace those traditional passwords.  Imagine never having to remember another complex password again!

This leverages the public key cryptography, a core principle of FIDO2((Fast Identity Online)

The best part, Passkeys are way more convenient than passwords.  Instead of typing in a password, you can just use your fingerprint, face ID, or a PIN on your device to log in to websites and apps.  And these passkeys can even work across different devices, so you can use the same login on your phone, computer, or tablet. Pretty neat, huh?

Initial Passkey Setup:

·       When you first create a passkey for a website or app, you might be prompted to use your device's camera to scan a QR code displayed on the website/app.

·       Scanning the QR code securely transmits the website/app's public key information to your device.

·       Your device then uses this information to generate the corresponding private key, which is stored securely within your device's enclave.

·       This passkey is linked to your device's biometric authentication (fingerprint, face ID, etc.) or PIN.

Whenever you need to log in again, you'll simply scan QR and use your face ID or fingerprint or PIN, and your device will verify the passkey with the website or app. No need to remember any passwords! 

 I heard Microsoft Entra also supports this.

Any more apps that you come across supporting Passkey?

 Keep exploring!!

OSI Digital #ModernAuthentications #Passwordless #Passkey