Passwordless workflows free users from the traditional password that’s typically associated with first-factor authentication. Passkeys are the latest development in passwordless technology, and provide the most advanced flexibility and security when it comes to verifying customer credentials without using passwords!
What are Passkeys?
Based on the WebAuthn specification, a Passkey is a discoverable public key cryptographic credential that provides a fully-flexible user experience across multiple devices. Passkeys are the next generation of advanced user authentication that offer the most compelling replacement to the password so far!
WebAuthn and the FIDO alliance
Web Authentication (a.k.a WebAuthn) is a specification by the W3C and FIDO – an alliance formed with the participation of Google, Mozilla, Microsoft, Yubico, and others. This specification provides for first-factor authentication of a user using public key cryptography instead of a password.
How do Passkeys work?
By leveraging public key cryptographic in conjunction with platform trusted device technology – such as biometric fingerprint or facial recognition – Passkey workflow provides proof that you are in possession of your device. And thus satisfies the various aspects of zero-trust user authentication in one go: something you are, something you know, and something you own.
Next-level WebAuthn
WebAuthn allows folks to leverage secure public key cryptography via the use of their secure (biometric enabled) device, as a replacement for UserID and Password credentials. Passkeys takes this even further, providing for cryptographic credentials that are easily discoverable across devices. Click on the image to learn more about Passkey technology, and see it in action.
Personal Devices…
On a personal device – such as a personal phone, tablet, or laptop – the Passkey generated for a particular site is also saved to the distributed Keychain associated with the provider. For an Apple device, for example, this typically means that the generated Passkey is saved to the iCloud Keychain associated with the Apple ID credentials with which the device is configured.
…Public Devices…
However, there are cases where you may need to use a public device that’s not configured with your provider specific credentials (i.e. your Apple ID, Google ID, etc). In such cases, the Passkey protocol supports signin using what’s often referred to as the “nearby device” workflow. In this scenario, a QR can be scanned by a camera equipped personal device in order to utilize the Passkey it may contain.
…across multiple platforms
With many providers – such as Apple – the QR code mechanism also extends to creating Passkeys on non-personal devices. Which can then be stored in the provider distributed Keychain. And QR code workflows can be used with devices on different platforms too – regardless of whether they’re personal or public in nature.
Build it yourself?
You could build support in-house, yourself. That’s true. Click on the image to read more about doing just that, and watch the recording of my related webinar here. If your team has the resources, time, capacity, knowledge, and expertise in developing SSO; deploying Attack Protection; leveraging OIDC and/or SAML for Authentication, Social and/or Enterprise Federation; implementing Passwordless and/or MFA, and/or (optionally) OAuth 2.0 for API Authorization – then it’s definitely an option. But what if there was a better way?
Meet Universal Login
Auth0 Universal Login allows you to create a fully customized user authentication experience, that incorporates Passkeys at the push of a button! And one that supports features like SSO and MFA too, right out-of-the-box! Integrate Universal Login as part of your login workflow, and let us focus on providing seamless access to all of the capabilities supported by the Auth0 platform, whilst you focus on building the core experience of your application.
Integrate with ease
With a variety of out-of-box options provided by a wide range of SDKs, you can build an initial integration with Auth0, written in any programming language and supporting any technology stack, in a matter of hours. Click on the image to visit the Auth0 SDK website and discover how to integrate with ease.
Read more about it on the Auth0 Blog
Click on the logo to read more about Passwordless Authentication using Passkeys on the Auth0 Blog The Auth0 Blog is also where you can find numerous articles on how Auth0 makes life easier when it comes to building Customer Identity & Access Management.
Stay informed
Helpful Identity & Access Management articles that are timely and relevant, whatever your level of experience. Whether you prefer to learn by reading, listening, watching videos, cloning repos, copying code, or attending a workshop or conference: content is everywhere and made for developers like you. Click on the image to subscribe to the newsletter today!
Begin the journey…
Sign up here, and create a free Auth0 Tenant to begin your journey. Play with prototyping an integration of your existing code – or develop something new; experience the Okta Customer Identity Cloud, powered by Auth0, in a way that best suits you.
…or try a Demo.
If you’re looking for some inspiration, why not take a look at some of the pre-build demos at demo.okta.com – where you can test-drive sample integrations for both the Okta Customer Identity Cloud and the Okta Workforce Identity Cloud too!
