Passkeys that work on any browser, device, and application
We've made passkeys simple so you can deploy anywhere quickly, drive higher conversions, eliminate password reset calls, and secure users against account takeover fraud.
Passkeys only use phishing-resistant factors to authenticate such as local biometrics, local PIN, and asymmetric keys. Bonus: We allow you to check for device security posture for step-up authentication.
Seamless user experience
No passwords, one-time codes, push notifications, or second devices needed for your end users.
Easy to deploy
Let’s walk through how it works
When a user signs up for your app, we’ll create a passkey on their device
Their device now becomes a “trusted device” of this passkey and can be used to log into your app.
This user is also stored in Beyond Identity’s cloud
Your app will be able to reference this user in our cloud during login to verify their identity.
When a user tries to log in, the user’s passkey is checked with our cloud before we log them in
The user’s passkey will be verified and evaluated for risk before we give them access to your app.
Passkeys can be easily added and used across various devices and platforms
Your users can extend their list of trusted devices by adding passkeys across the devices they use so they can easily log into your app from any platform you support.
Frequently asked questions
You must re-enroll the user with a new passkey on their new device using the same mechanism as enrollment (e.g. if you enroll new users using email, that's how you would handle the recovery flow). To do so, we recommend that you provide users with a link for "Can't log in?" that, on click, prompts the user to enter their user ID which you can use to trigger a re-enrollment flow.
Passkeys are digital keys made up of public-private key pairs. They allow users to authenticate with their device biometrics or local device PIN instead of a password. They're easy to use and phishing-resistant.
- A private key that is on the users' device (something the user has)
- A device biometric or PIN (something the user "is" or "knows")
Yes, passkeys don't change how local biometric information and processing that is handled by the user's devices today. The users's biometric stays on local device and is never sent to a server. The server only receives information on if the biometric check was successful.