Passkeys
Sets of cloud-based digital credentials that are easier to use and provide stronger protection than traditional passwords.
Developed by the FIDO Alliance, passkeys effectively replace passwords, which are a weak form of identity security in any industry or use case. Phishing attacks and security breaches often target knowledge-based credentials (like passwords) and can easily lead to compromised accounts and stolen data or assets.
A passkey is a digital, cryptographic, multi-device credential. Passkeys are a safer form of authentication than traditional passwords, as they do not require sensitive information that could be stolen to be stored, work with the latest device security features, and incorporate the FIDO2/WebAuthn protocols. They also function as a streamlined authentication solution that removes the hassle of registering multiple devices and accounts.
With passkeys, users can authenticate to the Operating System vendor on a new device, download these cryptographic keys on that device, and use those same keys to authenticate themselves. Passkeys are tethered to users through things like biometric factors (facial recognition, fingerprints), PINs, and patterns. This makes it more difficult for fraudsters to impersonate an individual, as they can’t simply input a password and username from a different geographic location or “steal” a user’s fingerprint or face. Passkeys require the registered user to have access to their passkey devices and, depending on the scenario, a PIN, fingerprint, or another form of identity is required to complete authentication.
Daon’s xAuth portfolio of authentication solutions includes device-based security, physical tokens, and on-device biometric authentication. These use FIDO UAF and FIDO2-certified authentication and feature combinations of solutions, including passkeys, and further options like face and voice biometrics. Designed with easy integration in mind, xAuth is an adaptive way to introduce the power of passkeys into your existing CIAM system. Their security level can also be increased by implementing xFace into the authentication process.
xAuth uses facial biometrics in its FIDO authentication offerings for on-device facial recognition.
xFace uses facial biometrics to provide highly-secure, server-based identity authentication.Learn More About Passkeys
Understanding Passkeys: FAQ
FIDO passkeys, more accurately referred to as multi-device credentials, are cryptographic keys. Learn more about their FIDO2 compatibility.
Passkeys & the Future of Banking
With tech giants going passwordless, will banks be ready to meet new consumer expectations? Ralph Rodriguez, President and CPO at Daon, weighs in.
The Promise of Passkeys
Passkeys have been at the forefront of fintech news for months. Will financial institutions embrace a passwordless future, or get left behind?
Frequently Asked Questions
Are passwordless authentication and passkeys the same thing?
Yes. Passkeys are a form of passwordless authentication, as they eliminate the need for passwords.
How are passkeys more secure than a password?
A passkey is a form of multi-factor authentication (MFA). To access an app or account, you need the passkey device, combined with a user’s face, fingerprint, PIN, or other authentication factor. This required combination inherently increases a passkey’s security.
Can my organization use passkeys for KYC and AML compliance?
No. While passkeys are a significantly more secure option than passwords and similar legacy authentication factors, they don’t have the required strength to meet regulations. To achieve compliance, we recommend employing xFace.