...
- Bitwarden, 1Password and Keeper now allow using passkeys to access their vaults (https://bitwarden.com/blog/log-into-bitwarden-with-a-passkey/ ...).
- Dashlane was the first password manager to offer an in-browser passkey solution. Now, !!!
- Bitwarden launches passkey management: https://bitwarden.com/blog/bitwarden-launches-passkey-management/ https://bitwarden.com/blog/#tag:passkeys
- Added support to 1Password for iOS or Android: https://blog.1password.com/save-use-passkeys-android/, after earlier added support for Chrome, Edge, Brave, Safari, Firefox and iOS, account management - beta: https://support.1password.com/passkeys/
- Keeper?
- NordPass?
Case studies
For an e-commerce company, passkey implementation improved security and end-user experience. Although previously implemented passwords with SMS OTPs were successful in combating phishing attacks, they were costly and not user-friendly nor entirely effective. Passkeys addressed these issues by improving security, reducing costs and enhancing user experience. As a result, 900,000 accounts registered passkeys, increasing the sign-in success rate from 67.7% to 82.5% and decreasing the sign-in time from 17 seconds to 4.4 seconds. [https://fidoalliance.org/mercaris-passkey-authentication-speeds-up-sign-in-3-9-times/]
A government department sought to enhance security and end-user experience for their digital identity solution for over 10 million users. They chose to implement passkeys to replace passwords and SMS OTPs, which were costly and vulnerable to phishing. Their goals were to streamline the login process, decrease the strain on the help desk and fortify security. Based on prior experiences, they required a standards-based solution with interoperability and vendor neutrality. They created a tailored user experience based on findings from usability studies. Within six months, more than 100,000 devices enrolled in passkeys and there was a significant reduction in help desk calls for password resets. Future targets include migrating all users to passkeys, implementing authentication for the workforce and incorporating FIDO authentication into the state’s Zero Trust Identity strategy. [https://fidoalliance.org/state-of-michigans-milogin-adopts-passkeys/]
New uses
Emerging use of passkeys for end-to-end encryption with the PRF WebAuthn extension (https://github.com/w3c/webauthn/wiki/Explainer:-PRF-extension, https://w3c.github.io/webauthn/#prf-extension) which is used to provide access to anf encryption key from a passkey for particular site, which can then be used to reliably encrypt and decrypt data. One of uses for this is to provide the client with vault data ( https://bitwarden.com/blog/log-into-bitwarden-with-a-passkey/).
...
The alliance is also offering independent testing and certification programmes that address key elements of passkeys, including functional certification of authenticators (at three levels with two increments) and biometric components [https://fidoalliance.org/certification/, https://fidoalliance.org/certification/fido-certified-products/]. Establishing an integral scheme for passkey authenticator and provider implementations would greatly benefit their adoption in more secure scenarios.
Case studies
For an e-commerce company, passkey implementation improved security and end-user experience. Although previously implemented passwords with SMS OTPs were successful in combating phishing attacks, they were costly and not user-friendly nor entirely effective. Passkeys addressed these issues by improving security, reducing costs and enhancing user experience. As a result, 900,000 accounts registered passkeys, increasing the sign-in success rate from 67.7% to 82.5% and decreasing the sign-in time from 17 seconds to 4.4 seconds. [https://fidoalliance.org/mercaris-passkey-authentication-speeds-up-sign-in-3-9-times/]
A government department sought to enhance security and end-user experience for their digital identity solution for over 10 million users. They chose to implement passkeys to replace passwords and SMS OTPs, which were costly and vulnerable to phishing. Their goals were to streamline the login process, decrease the strain on the help desk and fortify security. Based on prior experiences, they required a standards-based solution with interoperability and vendor neutrality. They created a tailored user experience based on findings from usability studies. Within six months, more than 100,000 devices enrolled in passkeys and there was a significant reduction in help desk calls for password resets. Future targets include migrating all users to passkeys, implementing authentication for the workforce and incorporating FIDO authentication into the state’s Zero Trust Identity strategy. [https://fidoalliance.org/state-of-michigans-milogin-adopts-passkeys/]
Enhancement on our Wiki
Provide links to the text at https://wiki.geant.org/display/GWP5/Passkey:
...