How Passkeys Change the Authentication Game
Passkeys based on asymmetric cryptography that eliminate passwords have the potential to change the authentication industry. Founding engineer Nelson Melo explains how passkeys can work and how Beyond Identity’s Universal Passkey Architecture enables developers to use passkeys to ease and secure the authentication for any application, generate a seamless user experience across their devices and clients, and make adopting the FIDO standard simpler and faster.
Hey, everyone. My name is Nelson. I'm a founding engineer of Beyond Identity, and I'd like to describe how we think about different scenarios for a user's life where they could use passkeys and how they could add to different devices to enhance their experience logging into each authentication experience.
First, let's use a hypothetical application. I'm calling this Sprockify, which is an app that Jing is going to use to buy sprockets. She's going to a convention, and she'd like to see a few products. First, she's at work. She's browsing the site, and she would like to add some sprockets to her wishlist, and she uses a passkey to sign up into that experience.
So now, there's a passkey on her browser. Does a little bit of work, but now, Jing has to go. She has to go home, and she's going to commute. So, to, kind of, continue to do work from the road, she would like to add that passkey to a native application on her phone.
That's a process that can be facilitated by the Beyond Identity experience using a login, and that key gets automatically created on the native app. Now, Jing's on the bus. She keeps looking for sprockets and adding them to the Sprockify application. She gets home, and she's not quite done.
She has to do a little bit more work. But now, she has a browser that is maybe on a different operating system. Her browser at home is a Windows machine, while her browser at work was a Mac. Now, to log in to the Sprockify application, she can extend that key again using, again, a login, which creates a key on her browser at home.
Passkeys are secure keys that are stored on the device where the user has them. They're secured by something called a Secure Enclave or a Hardware Component, and they cannot be moved, even if an attacker gained control over the device. And to unlock that key, Jing will be able to use a local biometric or a local pin as a method of authentication.
That's provided by the operating system. To give Jing that seamless experience that's super frictionless for logging in and buying sprockets from their app, the developer, all they had to do was sign up for an account in Beyond Identity...that creates a tenant for them... and then integrate the native SDKs into each one of these platforms.
After that, users can create keys on every device and use them from anywhere they are.