Passkeys
With passkeys, users can sign in safely and easily, without having to enter a password. A passkey is a modern, secure, and user-friendly key designed to replace passwords. It is a secret stored on your device, unlocked with biometrics or another screen lock method.
Passkeys are stored by an authenticator, which proves that a user is present and is authorized to use the passkey. Authenticators come in many forms, such as an iPhone or Android device, or a password manager. Passkeys are typically saved to a keychain linked to the user’s platform account, so they synchronize automatically across all of the user’s devices.
Unlike a password, a passkey cannot be shared, remembered, or written down. This makes passkeys a phishing-resistant alternative to traditional passwords. Thus, passkeys should be considered the primary authentication method.
To start using passkey authentication, users create a passkey and register it with their account for the application. In 10Duke Enterprise, this happens when a user creates an account for themselves, or upgrades their account security by adding a passkey to their existing account.
How passkeys work in 10Duke Enterprise
With the standard 10Duke Enterprise authentication setup, passkeys work out of the box, and no implementation work is needed.
Users can register a passkey for themselves on the login page, either on their current device or another device.
By default, passkeys are not enforced on users, which means each user can choose whether to use passkeys for signing in. Two-factor authentication (2FA) is not applicable when passkeys are used, because passkeys provide improved security over passwords with multi-factor authentication.
If needed, passkeys can be disabled in your deployment. Contact the 10Duke Integration Support team.
Custom implementations
If you’re authenticating users through the Authentication API but you have implemented your own login page on top of it, you need to implement a feature on the login page for users to register passkeys for themselves.
If your software application is handling authentication directly with an external identity provider, passkeys must be implemented at the external identity provider’s end.
For support with implementing passkeys, contact the 10Duke Integration Support team.