FIDO (Fast IDentity Online) Alliance is an open-source organization formed with the aim to reduce the world’s resilience on passwords. FIDO Alliance, backed by some of the world’s biggest tech companies like Google, Apple and Microsoft, has designed a unique authentication solution called Passkey. Passkeys utilize a hardware device, such as a mobile device (phone), USB key or an NFC-enabled device, to verify the user's identity.
Since its inception, the FIDO Alliance has grown to include over 250 members, including large multinational corporations, smaller startups, and government agencies. FIDO standards are built in almost all browsers, operating systems, and consumer devices used in online transactions. Passkeys enable users to avail a highly secure and effortless login/transaction experience, thus proving to be the panacea for authentication security.
Passkeys are a new way of logging into your online accounts without needing to remember complicated passwords. With passkeys, you can create an account and sign in without typing anything out or entering a two-factor authentication code.
Instead, you simply need an authenticator like your phone, tablet, or PC. Your device will ask you to authenticate using your face, fingerprint, or a master password, as a security measure.
Passkeys are based on an API called WebAuthn, or Web Authentication, which uses public and private keys to verify your identity. The public key is shared with the website or app you want to sign in to, while the private key is kept secret and safe.
When you sign up for a new account, the website's server shares some information and asks you to confirm your authenticator. A passkey, including your public and private key pair, is then generated for that specific website. The public key is sent to the website's server for storage, while the private key remains securely stored in your authenticator.
The next time you sign in, the website will create a challenge, and your authenticator will first verify your identity through biometric or master password, sign the challenge using your private key and send the completed signature to the website. Finally, the website uses their copy of your public key to verify the signature's authenticity.
Passkeys are a simple and secure login solution that offer several benefits:
In summary, passkeys offer strong protection for your online accounts by generating strong keys, keeping your private key safe, and protecting against phishing and social engineering attacks. With passkeys, you can enjoy secure and hassle-free login experiences without having to worry about password strength or the security of your credentials.