What is Passkey?

Modified on Mon, 1 Jul at 11:12 AM

Passkey is a secure and user-friendly authentication method that eliminates passwords and instead utilizes device authentication. Compared to traditional password and 2-factor authentication, passkey provides higher security and convenience to users.


The passkey results from the collaboration between technology industry leaders such as Apple, Google, and Microsoft to create a passwordless login method. It was later developed and standardized by the World Wide Web Consortium (W3C)* and the Fast Identity Online Alliance (FIDO Alliance)**.


How Passkey Works


The passkey system will create 2 keys as follows:


  • Key #1: Public key cryptography (Public Key) stored in the platform’s server.

  • Key #2: Private key, exclusively stored on the user's device and not in the server. This private key is generated when the user authenticates via the device, using fingerprint scanning, facial recognition, PIN, or pattern lock.

Passkey allows users to authenticate themselves through their devices when they want to access a particular platform. Once the user is authenticated through the device, the private key (key #2) will be connected to the server where the public key (key #1) is stored to verify the user's identity and log them into the platform.


Considering these 2 factors, the passkey system is more secure than other authentication methods currently available for the following reasons.


1. The passkey system is more secure than the traditional password method because it does not store the private key on the server, making it impossible to compromise in case of server violation.


2. The connection between the passkey and the public key can only be established on the server where the public key is securely stored. This significantly reduces the risk of access to unauthorized websites.


Benefits of Passkey


1. Enhances security by eliminating the risk of passwords being stolen or used by unauthorized individuals when accessing various data and services online. This is because users do not need to remember or enter any password, preventing it from being intercepted or accessed by anyone else.


2. User-friendly since users do not need to worry about remembering or entering a password. Additionally, users can easily access this function which is secured by a fingerprint scanner, facial recognition, or PIN, from any device, whether through a smartphone or a PC. This makes it more convenient and speeds up the process of accessing services.


3. Cross-platform capability on numerous devices and platforms so users can authenticate themselves seamlessly on any device or platform.


4. Eliminates password management, such as having to manage multiple password managers and remembering numerous passwords. This helps reduce the risk of password leakage.


5. Convenience: Customers can easily manage their passkeys through the Bitkub website and application. 


Scope of use

  • You can use the passkey on the Bitkub application version 3.31.1 and above. For the iOS operating system, the minimum version required is 16 or above. For the Android operating system, the minimum version is 10 or above.

  • The device used to scan the code for installing the passkey must be within 5 meters of range.

  • To ensure smooth use of the services, please verify the phone number registered with your Bitkub account.

  • Currently, one Bitkub account can activate one passkey.

  • You can no longer use other security verification methods to verify the crypto withdrawals after you activate the passkey on your account.

  • If you want to use other security verification methods, the passkey on your account must be removed. (Please see ‘How to remove passkey’.)


Limitation

  • Some devices may have limitations or not support the passkey system because it is a relatively new technology. If your device does not support the passkey, the system will notify you when activating it. However, you can still use other security verification methods available on Bitkub Exchange (password, authentication code, SMS OTP, and Email OTP).

  • If you cannot receive the SMS OTP due to the limitations of the SMS OTP service provider in some countries or other external factors, you will not be able to activate the passkey on your Bitkub account. (Check the list of countries with available SMS OTP service here).

  • To activate the passkey, your account registration and verification must be completed.


Attention

To ensure safety, customers are advised to refrain from activating the passkey on a shared device. This is because the passkey system is designed to use the hardware on the device for authentication.


Related articles


Remarks:

* The World Wide Web Consortium (W3C) is an internationally recognized independent organization that is responsible for developing and standardizing the system that operates on the World Wide Web. Both public and private sectors comply with the regulations set forth by the W3C when developing websites.


** The Fast Identity Online Alliance (FIDO Alliance) is a group of private companies from different industries that are leaders in the world of technology. This group is dedicated to developing an authentication system that is safe to use and they have issued regulations that support passkey. (FIDO Alliance members include Apple, Amazon, Google, Microsoft, Meta, US Bank, Chase, Paypal, Visa, Mastercard, and Coinbase as well as government agencies such as the Electronic Transactions Development Agency of Thailand (ETDA), the Cabinet Office of the United Kingdom, and government agencies from Germany, Australia, etc.)


References

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article