Passkeys - LuxID
Faster Login with Passkeys
Say goodbye to forgotten or hard-to-remember passwords. Passkeys offer a new way to log in.
What is a Passkey?
In April 2023, Google, Apple, Microsoft, and other major digital players teamed up to offer a new way to log into their accounts with a new mechanism: passkeys.
Instead of using your usual password, a unique access key is used during login, based on an additional method like fingerprint or facial recognition, phone PIN, or a physical security key.
Advantages of Passkeys
No More Passwords to Remember
Passwords are often too short and reused, or they become longer, more complex, and difficult to remember. Passkeys are not passwords but a new method allowing you to log into an account without using a usual password, thanks to access keys.
Passkeys are More Robust
Passkeys work in pairs: a public key kept by the site or app you use (LuxID), and a private key stored on your devices. The two keys are linked, but one cannot be used without the other. If your account is compromised, the public key alone is useless; the private key will always be missing.
Better Protection Against Phishing
With passkeys, there are no passwords to hack, making phishing attempts futile. Even with a perfect imitation of an app or site, the system will detect the anomaly by noting the absence of the public key, which is only kept by the legitimate site.
How to Use a Passkey
To log in to LuxID using a passkey, you will be prompted to set it up during your login or in your account management. Make sure to set up your passkey only on devices you own.-
Login
Before setting up your passkey, you must log into your LuxID account with your usual username and password. -
Passkey Setup
If passkeys are supported by the device you are using, follow the steps provided by your browser or device to associate a passkey with your LuxID account. -
Association with LuxID
Your passkey is associated with your account and saved in your LuxID account management.
Opt for Passkeys
To be better protected against phishing attempts and to log in more easily, we recommend creating a passkey now.
Answers to Your Questions
- A passkey is an alternative method to log in to your LuxID account. Instead of entering your password, you can use the passkey, which serves as your secure personal access key. To access your account, the passkey is protected by your fingerprint, face, PIN, or a physical key.
- When you log in to an account or a system, and a passkey is configured, it is automatically detected and verified by the system to identify you.
- Once you have configured a passkey, you can easily use it to log in to your account and facilitate access to other applications, as well as to confirm your identity when making significant changes to your account.
- Passkeys provide excellent protection against attacks such as phishing. They offer an additional level of security compared to traditional passwords. They are often more difficult to hack, making accounts and data more secure.
- Each passkey is unique. It is randomly generated and based on encryption algorithms, making it different for each user.
- When you decide to set up a passkey, you choose a login method without having to enter your usual password during your future logins. For this, it is necessary to configure a passkey only on your personal devices that you alone use.
- If your device supports passkeys, you will need to follow your device’s instructions to set it up. When logging in to LuxID, the option "Log in with passkey" will be offered.
- Passkey compatibility may vary depending on the device and browser you use.
- Passkeys are integrated into various operating systems and browsers. Here are the minimum versions required for each platform.
- For Apple users: Passkeys work on devices running iOS 16+, iPadOS 16+, and macOS 13+ in combination with FaceID, TouchID, a PIN, or a separate FIDO2 security key.
- For Android users: Passkeys can be used on devices running Android 9+ (Pie) in combination with Fingerprint or a separate FIDO2 security key. Some devices like Fairphone and certain Huawei models (e.g., Huawei P40, Huawei P40 Pro) may not be compatible with passkeys due to specific limitations or Android derivatives without Google services.
- For Windows users: Passkeys can be used on Windows 10 version 1903+ and 11 in combination with Windows Hello or a separate FIDO2 security key.
- For Ubuntu users: Passkeys work on versions 22.04 LTS and later.
- Passkeys are compatible with recent versions of Chrome/Brave, Edge, Firefox, and Safari:
- Chrome/Brave: Version 70 and later
- Edge: Version 79 and later
- Firefox: Version 60 and later
- Safari: Version 13 and later
- Independently of operating systems and browsers, another option for using passkeys is through password managers. Here are some of the most well-known software compatible with passkeys:
- 1Password
- Bitwarden
- Dashlane
- Keeper
- LastPass
- We recommend regularly updating your operating system, browser, and applications to benefit from the latest developments and, most importantly, to have an up-to-date security environment. Regular updates ensure that you have the latest protections against potential threats.
- Once configured, passkeys can be synchronized between multiple devices via services like iCloud Keychain for Apple devices or Google Sync for Android devices, making it easier to access different devices without requiring a new configuration each time.
- Passkeys created on a Windows device are generally limited to use on the same Windows device that created them. However, it is possible to use them on other devices using security devices like FIDO2 keys or via the Microsoft Authenticator app for some advanced features.
- You can also use password managers compatible with passkeys, such as 1Password, Bitwarden, or Dashlane. These password managers support passkeys, offering a centralized solution for managing access without traditional passwords.
- If your environment does not allow passkey synchronization or if you simply do not want to enable synchronization, it is always possible to define multiple passkeys in LuxID, one on each device. Additionally, it is possible to use security keys that are not tied to a specific device, such as FIDO2 keys, for secure and flexible authentication.
- Synchronization: If you use services like iCloud Keychain or Google Sync, your passkeys can be automatically synchronized with your new device.
- New configuration: If synchronization is not possible, you can configure new passkeys on your new device.
Yes, it is possible to have multiple passkeys for the same account on different devices. This allows you to access your account from various devices without having to reconfigure your passkeys every time you change devices.
If you lose a device where a passkey was created, or if you accidentally set up a passkey on a shared device, it is crucial to delete the passkey associated with your account by signing in with your password and deleting your passkey in the security section of your account management.
Yes, you can delete a passkey by accessing your account's security settings and removing the associated passkey. This may be necessary if you lose your device or think your security has been compromised.
No. All your biometric data stays on your device. It is used on your device to open the secure enclave, some sort of a safe, which contains the private keys of the different passkeys.
- Some well-known devices that currently do not support Passkeys include:
- Samsung S9+ (Android 10)
- Samsung A05
- Xiaomi 12T Pro (HyperOS - Android 14)
- Fairphone 3 and earlier models
- OS related:
- iOS devices below version 17
- Android devices below version 9
- Passkeys are designed to enhance security and simplify logins, but not all devices support them due to hardware and software limitations. This list is not exhaustive, and there may be other devices with similar issues. If you experience problems with a device not listed here, please contact us. While we strive to support a wide range of devices, some limitations are beyond LuxID's control as they relate to the device itself.