Description
Passkeys are a new, safe, and easy-to-use way to log in to websites. Learn about the benefits and how to start using passkeys with the Microsoft Authenticator app.
Table of Contents
Overview of Passkeys
What are passkeys?
Passkeys are a new way to log in to websites. Passkeys offer a high level of security compared to other login methods.
Key features of Passkeys:
-
Proximity Requirements: To log in, you might need to use a USB stick, or connect via Bluetooth or NFC (like tapping your phone).
-
Asymmetric Key Cryptography: This is a fancy way of saying that passkeys use a special kind of code to keep your information safe.
-
Biometric Integration: Your device might use your fingerprint, face, or a PIN to make sure it's really you.
Why Are Passkeys Secure?
Passkeys have three critical characteristics that make them highly resistant to phishing attacks:
-
URL-specific: Passkeys only work on the website or app they were created for, so they can't be used on fake sites.
-
Device-specific: They only work on the device where they were set up, so someone else can't use them on a different device.
-
User-specific: You need to do something physical, like using your fingerprint or face, to log in, making it very hard for someone else to pretend to be you.
Security Comparison of Login Methods
| Login Method |
Security Score |
Examples |
| Password alone |
Very Low |
- 123456
- QWERTY
- Password1
- iloveyou
|
| Password plus Multifactor Authentication |
Low |
- SMS (text message)
- Voice call
|
| Password plus enhanced MFA |
Medium |
- Authenticator push notifications
- Software tokens
- Hardware tokens
|
| Passwordless |
High |
- Authenticator Passkeys
- Authenticator Passwordless
- Windows Hello
- FIDO2 Security Key
|
Benefits of Passkeys
-
Easy to Set Up: The instructions for setting up passkeys are simple and user-friendly.
-
Highly Secure: Passkeys are one of the most secure ways to log in, even more secure than some other methods like Authenticator Passwordless.
-
Fast Login: Logging in with passkeys is quick, taking about 3 seconds, compared to 9 seconds with traditional passwords. Plus, you don't have to remember any passwords or wait for text messages.
Potential Drawbacks
-
Learning Curve: Using QR codes for logging in on different devices can be a bit tricky at first and doesn't give as much context as push notifications.
-
Proximity Needs: You need to have Bluetooth or NFC enabled on both devices you're using, and you might need to test compatibility between different devices (like an Android phone with a Mac).
-
Compatibility Issues: Some services, like Cisco Secure VPN, don't support passkeys yet.
-
Device Requirements: Passkeys need Android 14, though they still work with Android 12 and 13.
-
Syncing Limitations: Unlike Apple Passwords, passkeys don't support cloud syncing.
-
Account Conflicts: If you have a personal Microsoft account with the same username as your work account, you might run into errors.
In summary, passkeys offer a secure and fast way to log in, but there are a few things to keep in mind, like learning how to use them and ensuring your devices are compatible.
Using Passkeys Authentication with the Microsoft Authenticator App
Description
Passkeys with Microsoft Authenticator let you log in to Ohio University services without needing a password or extra security steps. It's a modern and safer way to sign in.
-
When using your cell phone, you'll be prompted to authenticate your login on the Microsoft Authenticator app.
-
When using another device (ex: web browser), you'll prompted to use your cell phone to scan a QR code to log in.
Requirements
-
You need a smartphone or tablet with the Microsoft Authenticator app.
-
Your device should be running Android 14 or later, or iOS 17 or later.
-
If you're using two devices to log in, both need Bluetooth turned on.
Limitations
-
Passkeys are tied to one device and can't be shared across multiple devices like Apple Keychain.
-
They don't work if the devices aren't close to each other. For example, passkeys won't work if you're trying to log into Catmail from a Virtual Desktop; you'll be prompted to authenticate via your original method.
-
The Cisco Secure Client for Ohio University's VPN doesn't support passkeys yet, so you'll be prompted to use your original authentication method.
Setting Up Passkeys for Authenticator
-
Open the Microsoft Authenticator app on your phone.
-
Select your previously configured Ohio University account.
-
Select Create a passkey.
-
You will be prompted to sign-in with your existing Multifactor configuration.
-
If your device isn’t configured with a screen lock, you will be prompted to first enable. After configuring the screen lock, you can proceed to generate the passkey.
-
If successful, you will see Passkey created.
-
In your phone settings, enable Authenticator for Passkey Use.
-
If using iOS: Go to Settings > General > Autofill & Passwords and ensure that AutoFill Passwords and Passkeys is turned on.
-
If using Android: Go to Settings > Passwords & Accounts > under the Additional providers section, make sure Authenticator is enabled.
Logging in with Passkeys Authentication on the Same Device Where Authenticator is Installed
-
Navigate to a resource that uses Ohio University Single Sign On (SSO) and enter your Ohio University email address.
-
Select Continue to approve your passkey sign-in.
Logging in with Passkeys Authentication on an Alternate Device (Cross-Device)
-
Navigate to a resource that uses Ohio University Single Sign On (SSO) and enter your Ohio University email address.
-
Select Continue and you will be prompted to use your mobile device to scan a QR Code to complete the sign-in.
-
Use the camera on the mobile device where the passkey is stored to scan the QR Code. You will be prompted to Sign in with passkey to complete the authentication.
Get Help From OIT