Login with a passkey


Passkeys offer a modern, secure, and user-friendly authentication method that leverages public key cryptography. By integrating passkey authentication into your application, you can significantly reduce reliance on traditional passwords, mitigate phishing risks, and provide users with a seamless login experience across various devices.

Importance of Enabling Passkey Authentication

  • Enhanced Security: Passkeys are designed to resist phishing, credential stuffing, and other common attacks. They use cryptographic key pairs instead of shared secrets: the private key stays with the user's device or credential manager, and the service stores only the public key.

  • Improved User Experience: With passkeys, users are no longer required to remember complex passwords. This method allows for fast and frictionless authentication across supported devices and browsers, improving the overall user experience.

  • Future-Proof Technology: Passkeys are aligned with industry standards such as FIDO2 and WebAuthn, ensuring compatibility with major platforms and ecosystems, including those from Apple, Google, and Microsoft.

  • Reduced Support Costs: By minimizing the number of password reset requests, organizations can lower operational overhead and enhance user satisfaction.

Enabling Passkeys in Your Application via Next Identity Console

To enable passkey authentication in your application, follow these steps:

  1. Log in to the Next Identity console.

  2. Navigate to the Journeys screen, select the Journey you would like to enable passkeys for, and click the edit icon (pencil).

  3. The journey builder canvas page will load, showing you the current workflow for that journey (including a card for passkeys if it is enabled).

  4. If Passkey Authentication is not yet enabled:

    • Click the "Add features" menu at the top of the screen.

    • Locate passkeys and choose "Add".

    • The Passkeys step will now appear in your journey.

  5. Review the changes and save the updated journey in your lowest environment, typically Development, before propagating to upper environments.

Customizing the Passkey Authentication Process

You can tailor the passkey experience to meet your application’s specific needs. To customize, click the gear icon next to the Passkey step box in the journey editor, which will display the Passkeys settings screen.

Available Customizations

  • Enable Passkey Autofill: Allow users to quickly and securely log in by selecting a saved account from their browser's autofill suggestions, eliminating the need for manual credential entry.

  • Enable Passkey Promotion: Decide whether to encourage users to register a passkey after login. You can configure:

    • Enforce passkey promotion on every login: When enabled, users will be prompted to create a passkey each time they log in until they successfully register one. Activating this option automatically disables the "Passkey Promotion Interval in Days" setting, ensuring consistent promotion at every login attempt.

    • Passkey promotion interval in days: This setting defines the minimum number of days that must elapse before a user is prompted again to create a passkey after selecting "Not for now." This option is only available when "Enforce Passkey Promotion on Every Login" is disabled, allowing for a less frequent and more flexible promotion cadence.

User Authentication with Passkeys

Once passkey authentication is enabled in your application, users can utilize built-in browser and device capabilities to create and use passkeys for seamless and secure sign-in.

First-Time Access and Passkey Creation

Upon their first login after passkey authentication is enabled, users will be invited to create a passkey. This prompt is governed by the passkey promotion settings configured in the Next Identity console:

  • Users may choose to register a passkey immediately or defer by selecting "Not for now."

  • If deferred, the user will be prompted again based on the configured promotion settings, either at every login or after a specified interval.

This approach balances security and user convenience by encouraging passkey adoption without mandating it immediately.
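
The promotion rules described here and under Available Customizations, modeled as an added example (not Next Identity code) so you can predict when a user who keeps choosing "Not for now" will see the prompt. The setting and field names are hypothetical, and prompting again once exactly the configured number of days has elapsed is an assumption.

```javascript
// Added example: a model of the passkey promotion rules in this article.
// Setting keys and user fields are hypothetical, not a Next Identity API.
const DAY_MS = 24 * 60 * 60 * 1000;

function shouldPromptForPasskey(settings, user, now) {
  // Promotion is optional; when it is off, nobody is prompted.
  if (!settings.promotionEnabled) return { prompt: false, reason: "promotion-disabled" };
  // Prompting stops once the user has registered a passkey.
  if (user.passkeyCount > 0) return { prompt: false, reason: "already-registered" };
  // Enforcing promotion on every login overrides the interval setting.
  if (settings.enforceEveryLogin) return { prompt: true, reason: "enforced" };
  // First login after enablement: the user has never deferred.
  if (user.lastDeferredAt === null) return { prompt: true, reason: "first-offer" };
  // Assumption: the prompt returns once intervalDays full days have elapsed.
  const elapsedDays = (now - user.lastDeferredAt) / DAY_MS;
  return elapsedDays >= settings.intervalDays
    ? { prompt: true, reason: "interval-elapsed" }
    : { prompt: false, reason: "within-interval" };
}

// Replays logins (given as day numbers) for a user who always defers,
// and returns the days on which the prompt was shown.
function simulateDeferrals(settings, loginDays) {
  const user = { passkeyCount: 0, lastDeferredAt: null };
  const promptedOn = [];
  for (const day of loginDays) {
    const now = day * DAY_MS;
    if (shouldPromptForPasskey(settings, user, now).prompt) {
      promptedOn.push(day);
      user.lastDeferredAt = now; // user selects "Not for now"
    }
  }
  return promptedOn;
}

// Constructed sample: the same login history under three configurations.
const logins = [0, 1, 3, 7, 8, 14, 20];
const weekly = { promotionEnabled: true, enforceEveryLogin: false, intervalDays: 7 };
const enforced = { promotionEnabled: true, enforceEveryLogin: true, intervalDays: 7 };
const disabled = { promotionEnabled: false, enforceEveryLogin: false, intervalDays: 7 };

console.log("interval 7 days:", simulateDeferrals(weekly, logins));
console.log("every login:    ", simulateDeferrals(enforced, logins));
console.log("promotion off:  ", simulateDeferrals(disabled, logins));
```

The interval is counted from the most recent deferral, so a user who logs in daily sees the prompt at most once per interval, while the enforced setting shows it on every login until a passkey exists.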

Using Passkeys

After successfully creating a passkey, users can authenticate using any of the following methods, depending on your configuration:

  • Passkey Autofill: If autofill is enabled, users can log in quickly by selecting their saved passkey from the browser’s autofill suggestions, eliminating the need for manual input.

  • Passkey Button: Users can also initiate passkey-based authentication by clicking the dedicated Passkey button on your application's login screen, triggering the passkey selection and biometric verification process.

  • Standard Credentials: Depending on your journey configuration, users may still have the option to authenticate using traditional methods such as username and password, providing flexibility for diverse user preferences.

Where Passkeys Can Be Stored

  • Browser-Based Storage: Passkeys can be created and stored within browsers that support WebAuthn, such as Google Chrome, Safari, or Microsoft Edge. These passkeys are securely synced across the user’s devices via their browser account.

  • Password Managers: Alternatively, users can store passkeys in password managers like 1Password, which offer additional capabilities such as cross-platform synchronization, backup, and recovery options.

During authentication, users simply select their stored passkey and complete the process using their device’s biometric sensor (e.g., fingerprint, Face ID) or a PIN, ensuring both security and convenience.

Managing Passkeys Within Profile Settings

Next Identity provides end-users with self-service options to manage their passkeys:

  • Create a New Passkey: Users can add additional passkeys by accessing their Profile Settings and selecting the option to register a new passkey. This is useful when adding new devices.

  • Delete an Existing Passkey: Users can view a list of their registered passkeys and delete any that are no longer needed, or delete one if they suspect a security issue.

These management options empower users to maintain control over their authentication credentials and enhance their account security.

Frequently Asked Questions (FAQ)

Q: Do passkeys replace passwords entirely?

A: Passkeys can be used as a passwordless solution or alongside traditional authentication methods, depending on your application’s security strategy.

Q: What happens if a user loses their device?

A: If the passkey is synced with the user's cloud account (e.g., iCloud Keychain, Google Password Manager), it can be recovered on a new device. Otherwise, users must register a new passkey.

Q: Can I disable passkey promotion for my application?

A: Yes, passkey promotion is optional and can be disabled in the passkey step settings.

Q: Are passkeys supported on all devices?

A: Passkey support is rapidly expanding but is dependent on browser and operating system capabilities. Most modern devices and browsers support passkeys.

Q: Is multifactor authentication still necessary with passkeys?

A: Passkeys inherently provide strong authentication, but depending on your risk profile and regulatory requirements, you may still choose to implement additional factors.
