Passkey Authentication
Passkeys are a replacement for passwords, making the login experience easier and more secure. Passkey authentication eliminates numerous attacks that use stolen passwords. It also protects users against phishing as each passkey is linked to a specific website or application.
The passkeys standard is a type of passwordless authentication, promoted by the World Wide Web Consortium and the FIDO Alliance.
Passkey Authentication in edu-ID
Passkey support in edu-ID is currently under development. Please contact us if you or your organization would like to use it on the production system.
Device support
Passkeys come in many different types. In edu-ID, all passkeys supported by the user's platform can be used. Passkey support on a platform depends on the browser, the operating system and, if applicable, the cell phone or the USB security key.
In general, passkeys can be generated, stored and managed by the following devices:
- Mobile phones with built-in passkey support
- FIDO2 security keys
- Desktop computers and notebooks
- Password managers
A good overview of the supported devices can be found here: https://passkeys.dev/device-support/
Security
Multi factor equivalence
The edu-ID passkey implementation is configured to always have the authentication quality of a 2-step login (2-factor authentication). A passkey authentication in edu-ID requires user verification, whereas simple user presence is insufficient.
Examples:
- Mobile phone login: the passkey authentication requires the unlocked mobile phone (possession) and the unlocking of the passkey with fingerprint (inherence), face recognition (inherence) or PIN code (knowledge).
- USB security key login: the passkey authentication requires the USB security key (possession) and the unlocking of the passkey with the fingerprint reader on the stick (inherence) or PIN code entry on the computer (knowledge).
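The two requirements described above (the passkey is bound to one site, and user verification rather than mere user presence is required) are visible to the relying party in the WebAuthn authenticator data. The following is an added example, not edu-ID's code: it parses the fixed prefix of authenticator data, checks the rpIdHash against an assumed placeholder RP ID, and rejects assertions where only the user-presence flag is set. Signature and challenge verification, which a real relying party must also perform, are out of scope here.

```python
import hashlib
import struct

# Flag bits in WebAuthn authenticator data (W3C WebAuthn spec).
FLAG_UP = 0x01  # user present (touch / simple presence)
FLAG_UV = 0x04  # user verified (PIN, fingerprint, face recognition)


def parse_authenticator_data(auth_data: bytes) -> dict:
    """Split the fixed 37-byte prefix: rpIdHash (32), flags (1), signCount (4)."""
    if len(auth_data) < 37:
        raise ValueError("authenticator data too short")
    rp_id_hash = auth_data[:32]
    flags = auth_data[32]
    sign_count = struct.unpack(">I", auth_data[33:37])[0]
    return {"rp_id_hash": rp_id_hash, "flags": flags, "sign_count": sign_count}


def check_assertion(auth_data: bytes, expected_rp_id: str) -> tuple:
    """Policy check modelled on the text above: the passkey must be bound to
    our RP ID, and UV must be set; UP alone is rejected."""
    parsed = parse_authenticator_data(auth_data)
    expected_hash = hashlib.sha256(expected_rp_id.encode()).digest()
    if parsed["rp_id_hash"] != expected_hash:
        return False, "rpIdHash mismatch: passkey is bound to a different site"
    if not parsed["flags"] & FLAG_UP:
        return False, "user presence flag not set"
    if not parsed["flags"] & FLAG_UV:
        return False, "user verification required, only user presence performed"
    return True, "ok"


def make_auth_data(rp_id: str, flags: int, sign_count: int = 1) -> bytes:
    """Construct sample authenticator data for testing (constructed, not from a real authenticator)."""
    rp_id_hash = hashlib.sha256(rp_id.encode()).digest()
    return rp_id_hash + bytes([flags]) + struct.pack(">I", sign_count)


if __name__ == "__main__":
    rp = "eduid.example"  # placeholder RP ID, not the real edu-ID domain
    print(check_assertion(make_auth_data(rp, FLAG_UP | FLAG_UV), rp))          # accepted
    print(check_assertion(make_auth_data(rp, FLAG_UP), rp))                    # UP only: rejected
    print(check_assertion(make_auth_data("other.example", FLAG_UP | FLAG_UV), rp))  # wrong site: rejected
```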
Passkey synchronization
edu-ID supports cross-device authentication, i.e. the synchronization of passkeys between devices. The providers of synchronization solutions claim to end-to-end encrypt the passkeys transmitted from one device to another and state that they cannot read them out themselves.
Refer to the statements of providers for more details:
- Apple: iCloud Keychain Security
- Google: Security of Passkeys in the Google Password Manager
- Microsoft: (sync not yet supported)
References
General:
- https://fidoalliance.org/passkeys/
- 5.5.22: Apple, Google, and Microsoft commit to expanded support for FIDO standard to accelerate availability of passwordless sign-ins
Related to Passkeys in SWITCH edu-ID:
- 25.10.23: Nie wieder Passwörter - mit Passkeys in die Zukunft (Podcast, DE)
- 17.10.23: Mit Passkeys in eine passwortlose Zukunft (Inside IT article, DE)
- 13.9.23: SWITCH edu-ID: Into a future without passwords (SWITCH Story FR/EN/DE)