Passkeys
Passkeys provide a secure, passwordless authentication method based on public key cryptography, designed to replace traditional passwords and enhance both security and user experience. In azuma doa, Passkeys are tightly integrated with Device Binding.
Info: Passkeys for web-based flows are coming soon.
Key Features
- Passwordless Authentication: Users authenticate using cryptographic keys stored securely on their device, eliminating the need for passwords.
- Multi-Device Support: Users can register multiple devices via a linked Passkey, allowing for secure access from different devices.
How Passkeys Work in azuma doa
1. Registering a New Account with Passkeys
- The user initiates account registration and chooses to use Passkeys.
- The system prompts the user to create a Passkey, which is generated and stored securely on the device (e.g., using platform authenticators like Face ID, Windows Hello, or Android biometrics).
- During this process, the device is also bound to the user's account, establishing a trusted relationship between the device and the account.
- The public key is sent to the server and associated with the user's account and device; the private key never leaves the device.
2. Logging In with Passkeys
- The user selects Passkey login and chooses the device they wish to use.
- The system verifies that the device is already bound to the user's account.
- The user authenticates using the device's secure method (e.g., biometrics or PIN).
- A cryptographic challenge is signed by the device's private key and verified by the server using the stored public key.
- Upon successful verification, the user is logged in.
3. Registering a New Device (Device Binding) with Passkeys
- The user initiates the process to add a new device by logging in via a pre-existing Passkey.
- On successful login, the new device's public key is registered and bound to the account.
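The three flows above, sketched as an added example (this is not azuma doa's code or API). It assumes ECDSA P-256 keys, in-memory storage, and hypothetical function names; the device and the server are simulated in one Node.js process.

```javascript
// Added example: all names are hypothetical, not azuma doa's API.
const nodeCrypto = require('node:crypto');

const accounts = new Map(); // userId -> Map(deviceId -> public key PEM)
const pending = new Map();  // challenge (hex) -> { userId, deviceId }

// Device side: the key pair is created on the device; only the public half is exported.
function createPasskey() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { privateKey, publicPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}
const signChallenge = (privateKey, challenge) =>
  nodeCrypto.sign('sha256', Buffer.from(challenge, 'hex'), privateKey).toString('hex');

// Server, step 1: store the public key and bind the device to the new account.
function register(userId, deviceId, publicPem) {
  if (accounts.has(userId)) throw new Error('account exists');
  accounts.set(userId, new Map([[deviceId, publicPem]]));
}

// Server, step 2a: issue a random challenge only to a device already bound to the account.
function beginLogin(userId, deviceId) {
  if (!accounts.get(userId)?.has(deviceId)) return null;
  const challenge = nodeCrypto.randomBytes(32).toString('hex');
  pending.set(challenge, { userId, deviceId });
  return challenge;
}

// Server, step 2b: verify with the stored public key; each challenge is single-use.
function finishLogin(challenge, signatureHex) {
  const entry = pending.get(challenge);
  if (!entry) return null; // unknown or replayed challenge
  pending.delete(challenge);
  const pem = accounts.get(entry.userId).get(entry.deviceId);
  const ok = nodeCrypto.verify('sha256', Buffer.from(challenge, 'hex'), pem,
    Buffer.from(signatureHex, 'hex'));
  return ok ? entry : null;
}

// Server, step 3: bind a new device only after a login with an existing Passkey succeeds.
function bindNewDevice(challenge, signatureHex, newDeviceId, newPublicPem) {
  const session = finishLogin(challenge, signatureHex);
  if (!session) return false;
  accounts.get(session.userId).set(newDeviceId, newPublicPem);
  return true;
}
```

Deleting the challenge before verification means a captured signature cannot be replayed, and a failed attempt also consumes the challenge.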
Important Notes
- Security: The private key used for authentication never leaves the device, reducing the risk of credential theft.
- User Experience: Passkeys streamline the authentication process, making it faster and more secure than traditional passwords.