Let’s talk about Passkeys

So, let’s talk about passkeys and what they are. A passkey is a digital key that can be used as an authentication method in, for example, Entra ID (in preview now). Each passkey is tied to your own user and to a service. In Entra ID, that means the passkey you have created on your device is tied to Entra ID. You can then access services without a password, which means that you are passwordless 🙂

Passkeys have many advantages, for example:

  • Passkeys are phishing resistant
  • Users can sign in without a password, so there are no complex passwords to remember anymore
  • Passkeys are device-based and work seamlessly with your device’s security features
  • Passkeys are digitally stored, so you don’t lose the physical key like you can with “FIDO2 keys”

So how do they work?

Passkeys are digital keys that serve as an authentication method for services such as Entra ID. They are built on the Web Authentication (“WebAuthn”) standard, which uses public key cryptography. During account registration, the operating system creates a unique cryptographic key pair to associate with an account for the app or website. These keys are generated by the device, securely and uniquely, for every account. Passkeys are stored encrypted on the device. They are device-based and work seamlessly with the device’s security features, such as biometric sensors for fingerprints or facial recognition. There are two types of passkeys: one is stored only on the device it was added to, and the other is syncable across devices.

Different passkeys

We have two types of passkeys. One is a passkey that is stored only on the device you have added it to, and the other is a passkey that is syncable. For Apple devices, a syncable passkey is stored within the iCloud Keychain and can be synchronized between your Apple devices using your Apple ID. The same goes for Android devices, with the equivalent password / passkey manager and Google accounts.

  • Apple Passkeys (syncable)
    • iCloud keychain
  • Android Passkeys (syncable)
    • Google Password Manager
  • Windows passkeys (Device bound key)
    • Secured by Windows Hello (biometrics and PIN)
  • Authenticator Passkey (Device bound key)
    • Relies on Apple/Android security features within the operating system
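
As an added example (not code from this post or from Microsoft), the Python below shows the service-side checks behind two points above: the origin binding that makes passkeys phishing resistant, and the WebAuthn backup flags that tell a device-bound passkey from a syncable one. The RP ID `login.example.com`, the function names and the sample inputs are constructed assumptions; signature and challenge verification are left out.

```python
import hashlib
import json
import struct

# Flag bits in the WebAuthn authenticator data flags byte.
UP, UV, BE, BS = 0x01, 0x04, 0x08, 0x10


def check_assertion(auth_data: bytes, client_data_json: bytes,
                    rp_id: str, origin: str) -> dict:
    """Check the origin binding of a sign-in and classify the passkey."""
    if len(auth_data) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    rp_id_hash, flags, sign_count = struct.unpack(">32sBI", auth_data[:37])
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        raise ValueError("not an authentication ceremony")
    # The browser writes the origin it really loaded, so a look-alike site
    # cannot produce client data naming the genuine origin.
    if client.get("origin") != origin:
        raise ValueError("origin mismatch: " + str(client.get("origin")))
    # The authenticator scopes the key pair to one RP ID and reports its hash.
    if rp_id_hash != hashlib.sha256(rp_id.encode()).digest():
        raise ValueError("credential is scoped to a different RP ID")
    if not flags & UP:
        raise ValueError("user presence flag not set")
    if flags & BS and not flags & BE:
        raise ValueError("backed up but not backup eligible is invalid")

    return {
        "user_verified": bool(flags & UV),  # biometric or PIN was used
        "kind": "syncable" if flags & BE else "device-bound",
        "backed_up": bool(flags & BS),
        "sign_count": sign_count,
    }


def make_sample(rp_id: str, origin: str, flags: int):
    """Build constructed sample inputs (not captured from a real sign-in)."""
    auth = hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, 0)
    client = json.dumps({"type": "webauthn.get", "origin": origin,
                         "challenge": "Y29uc3RydWN0ZWQ"}).encode()
    return auth, client


if __name__ == "__main__":
    RP, ORIGIN = "login.example.com", "https://login.example.com"
    print(check_assertion(*make_sample(RP, ORIGIN, UP | UV | BE | BS), RP, ORIGIN))
    print(check_assertion(*make_sample(RP, ORIGIN, UP | UV), RP, ORIGIN))
```

A service that only wants device-bound keys can reject any sign-in where `kind` is `syncable`.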