Passkeys
Last updated
Last updated
Passkeys are used as two factor authentication method for users. They replace passwords and SMS.
Users don't need to remember a Password
Users don't need to type in an SMS code
Users unlock their phone with their face, fingerprint or PIN-code
Together with the binding to their phone-account, they have a very secure two factor authentication method that grants access to fidentity.
Read more about Passkeys (information provided by Google).
Users will be prompted to set a passkey for fidentity. They only need to confirm the system dialog and a passkey will be stored in their phone account.
When signing, the passkey is requested from the user where usually the user only clicks on confirm (the system automatically selects the right passkey).
On iOS, the iCloud Keychain must be enabled. The Passkeys are backed up and will be available, if you switch devices. You can read background information here.
Passkeys are tied to the phone-account. They must be used with mobile phone where they are set up.
Passkeys require iOS or Android as an operating System.
Passkeys on iOS require the apple keychain. Read more (information provided by apple).
When using third party password managers (for example one password), the user can select a wrong passkey resulting in a login error. In that case, they should refresh the site and use the automatically selected passkey.
After manually deleting passkeys, users must go through identification again. The passkey dialog will display an error message and abort.
If users abort the passkey dialog (for example by tapping on "x"), they may retry the passkey dialog or go through identification again.
When testing it is possible to have a great number of passkeys on a single device. To delete those passkeys, follow the video instructions:
iOS: Settings -> Passwords -> search for "fidentity" -> click on "edit" -> select passkeys to delete -> delete.
Android: Search for "Password manager" -> open -> select account to be deleted -> delete passkeys.
If you use a 3rd party password manager like Lastpass or OnePassword, be aware of the following caveats:
Your password manager must be capable of handling passkeys (at the time of writing, OnePassword is passkey-capable, while Lastpass is not).
You can select which Passkey to use to authenticate to fidentity. If you select the wrong Passkey, access is denied.