Passkeys

What is a Passkey?

It’s an easy and secure way to authenticate using your device’s screen lock, face ID, touch ID, Windows Hello, or a hardware authenticator.

Creating

  1. Authenticate using an existing authentication method (a passkey or username/password and a 6-digit TOTP code).

  2. Click “Manage Passkeys” to manage your personal passkeys.

  1. Click “Create a passkey“ in the passkey management dialog.

image-20240127-044355.png

You will be asked to enable re-authenticate to perform this sensitive action. This can be done by using an existing passkey for your account or with your password.

  1. Follow device prompts to add a passkey.

If a passkey provider is available on your machine (password manager, hardware key, Windows Hello, etc.) you will be prompted to set up a passkey in one of these locations. Alternatively you can follow prompts that allow you to set up a passkey on a different device (like a phone) by scanning a QR code and following prompts on the device you wish to configure with a passkey.

  1. After registering a passkey, you will be prompted to set a nickname for your passkey for personal future reference. If your passkey is FIDO certified (like TPM-based Windows Hello or Yubikey hardware authenticators) the tile will display the FIDO certification level (https://fidoalliance.org/certification/authenticator-certification-levels/ ), will have the authenticator’s logo, and the default nickname will be the product description. Otherwise if the authenticator is not FIDO certified (i.e. iOS keychain or other password manager), the default passkey logo will be shown:

  1. You are done! You should receive an email alert that a passkey was configured for your account and you can log in by clicking “Log in with a passkey“ .

Managing

Managing your Passkeys

When managing your own passkeys, by clicking “Manage Passkeys“ from the side menu, you have the ability to create (as we discussed above in the creation process), edit nicknames, and revoke your passkeys. All of these actions require re-authentication or “write-enabled mode“ to be active.

Managing Passkeys as an Admin

To manage other users' passkeys as an Admin, click “Manage Passkeys“ after clicking the settings icon for an individual user in the Admin page.

Admin users will only have the ability to revoke other users' passkeys. Users cannot add passkeys for other users or change passkey nicknames on behalf of other users. These actions can only be performed by the owner of the account.