Imagine ditching your passwords and no longer having to remember or manage a different password for every website you visit. Passkeys provide an authentication approach that replaces passwords with a strong, phishing-resistant authentication mechanism that’s already built into many user devices. A supported feature of Oracle Cloud Infrastructure Identity and Access Management (OCI IAM), passkeys provide a form of passwordless authentication creating a simpler and more secure sign-in experience for users.

Passkeys with OCI IAM

Passkeys are discoverable credentials that are compliant with the FIDO2 industry standard developed by the FIDO Alliance. They’re designed to eliminate the usability shortcomings of classic FIDO credentials, or single-device credentials, by supporting cross-device and cross-ecosystem authentication. Because the credential can roam across multiple devices, passkeys solve two common credential-related challenges: recovery, because credentials are backed up and survive device loss, and the multiple-enrollments problem, because there’s no need to repeat enrollment on each device.

Passkeys work by creating a cryptographic key pair generated for each user at enrollment time. A private key is stored securely on your device, and a public key is registered with the OCI IAM service. The public key on the OCI server is used to validate the signature created by your private key, validating your identity without you having to provide credentials in an unencrypted format. The passkey is tied directly to the specific service for which it was created. So you can’t be tricked into using a passkey on a fake site or app.
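The checks a server makes on a passkey sign-in, sketched as an added example that follows the FIDO2 WebAuthn assertion layout; it is not Oracle's code and not part of the original article. The function names, the `login.example.test` identifiers, the challenge value and the key pair are assumptions constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// sha returns SHA-256 over the concatenation of its arguments.
func sha(parts ...[]byte) []byte {
	h := sha256.Sum256(bytes.Join(parts, nil))
	return h[:]
}

// VerifyAssertion runs the server-side checks on one sign-in response. pub was
// stored at enrollment; rpID, origin and challenge are the server's own values.
func VerifyAssertion(pub *ecdsa.PublicKey, rpID, origin, challenge string, authData, clientJSON, sig []byte) error {
	var cd struct{ Type, Challenge, Origin string }
	switch {
	case json.Unmarshal(clientJSON, &cd) != nil || cd.Type != "webauthn.get" || cd.Challenge != challenge:
		return fmt.Errorf("malformed clientData, wrong type or challenge")
	case cd.Origin != origin: // filled in by the browser, not by the page
		return fmt.Errorf("origin mismatch")
	case len(authData) < 37 || !bytes.Equal(authData[:32], sha([]byte(rpID))):
		return fmt.Errorf("rpIdHash mismatch")
	case authData[32]&0x01 == 0: // UP flag: a user was present
		return fmt.Errorf("user not present")
	case !ecdsa.VerifyASN1(pub, sha(authData, sha(clientJSON)), sig):
		return fmt.Errorf("bad signature")
	}
	return nil
}

// Authenticate is a constructed stand-in for the browser plus authenticator.
func Authenticate(priv *ecdsa.PrivateKey, rpID, origin, challenge string) (ad, cj, sig []byte) {
	ad = append(sha([]byte(rpID)), 0x05, 0, 0, 0, 1) // flags UP|UV, counter 1
	cj = []byte(fmt.Sprintf(`{"type":"webauthn.get","challenge":%q,"origin":%q}`, challenge, origin))
	sig, _ = ecdsa.SignASN1(rand.Reader, priv, sha(ad, sha(cj)))
	return
}

var demoKey, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed key pair
func main() {
	ad, cj, sig := Authenticate(demoKey, "login.example.test", "https://login.example.test", "Y29uc3Q")
	fmt.Println(VerifyAssertion(&demoKey.PublicKey, "login.example.test", "https://login.example.test", "Y29uc3Q", ad, cj, sig))
}
```

A response whose client data names any other origin, or whose authenticator data was scoped to another service, is rejected before the signature is even considered, which is the binding between passkey and service described above.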

Passkeys help improve security compared to traditional password-based authentication because the risk of credentials being compromised or stolen is significantly reduced. Even if the information sent from the user’s device and the public key are both intercepted, those pieces of information can’t be used to gain unauthorized access without the private key, which never leaves your device. The server establishes a session by encrypting a message with the public key that only your private key can decrypt. Without it, an attacker can’t establish a session for you, the user.

Passkeys also help resist common threats, such as phishing, brute force attacks, and password reuse. Passkeys are typically protected by your device biometric or PIN. So, even if the device is stolen, passkeys are protected against improper use.

Other benefits

Along with improved security, passkeys provide an easier sign-in process. Traditional password-based credentials can be difficult to remember. You might even have a notebook or an app dedicated to managing your passwords. Strong passwords can be especially difficult to remember, particularly when you use a different strong password for each site, and they all require regular password changes and must include uppercase, lowercase, numbers, and symbol characters.

Passkeys eliminate the need to remember complex passwords altogether. You only need to possess your passkey-enabled device, such as a smartphone, to authenticate. This streamlined sign-in experience saves time and reduces frustration.

An animated gif showing the process of passkeys sign on.

Want to know more?

To try passkeys with Oracle Cloud Infrastructure IAM, start with an Oracle Cloud Free Trial or contact the Oracle sales team today for a demo.

To learn more, see the following resources: