Passwordless Login with Passkeys

Creating a strong and unique password which is easy to remember is really hard. Most of the time, we either pick an easy password or use the same password across different logins. Easy passwords are easy to guess by attackers and the same password creates issues if one of our accounts gets compromised. Multi-Factor Authentication (OTP, TOTP) can also be compromised if our OTP receiving service (email account) gets compromised.

Most of the time we use the same device (mobile, PC) to login into our account. We can easily secure our accounts if we can somehow force our account access from only these devices and use something like bio-metric or device authentication methods.

And good news is, teams from Google, Microsoft, and Apple collaborated to implement this method in their softwares (browsers), following the specs from FIDO , to enable Password-less login . And we are really excited to bring the same into your Sembark Dashboard. With this method, you can restrict access to your account on particular device(s). You can also completely disable password-based login for your account.

Requirements

The concept of Password-less login is similar to having a lock (account access) with two slots for two different keys/passwords (i.e. public and private keys). An account can only be accessed if you have both the keys at the same time. One of the key (public-key) is stored on the server and the other key (private-key) is stored on a device known as Authenticator. These Authenticators may have additional features such as PIN code or biometric sensors (fingerprint, facial recognition…) that offer user verification.

Roaming Authenticators

Authenticators of this class are removable from, and can "roam" among, client devices such as Bluetooth connected Phone, USB or a Card with NFC Capabilities. If your PC doesn't have a security chip, then connecting your PC to your personal Smartphone via Bluetooth will enable you to use your Phone as Authenticator.

Platform Authenticators

A platform authenticator is usually not removable from the client device. For example an Android smartphone or a Windows 10/Mac computer with the associated security chips can act as an authenticator.

Device Registration

Once you have an Authenticator as mentioned above, to register a particular device, first login into the device using your password. Now, open your Profile > Password and Authentication and click on Add Passkey to start the device registration.

Next, click on Get Started with Passkeys button to initiate the process. This will initiate the device registration process.

As the last step, you will be requested to assign a name to your device. Give a name to your device (e.g. Chrome Office PC) and continue. Once completed, refresh the page and you should see your device in the listing page.

Test Login

To check if your password-less login is working on the device, click on Test Login . This will initiate a similar workflow with your Authenticator.

Once successful login, you should receive a success message. This will also update your login screen on this device to include the passwordless login method as shown below.

Disable Password Login

Once you have registered all the devices where you want to access your account, you might want to disable login via password. This way, no-one can login into your account using your password. Only the registered devices will be able to access your account via password-less login.

Admin Access Control

Admins users can disable/enable password-login for any account as per the requirements. This allows Admins to control access of team members on particular devices. For example, if we want to restrict account access to the Office's PCs only, Admin can request all the team members to register their respective PC and then he/she can disable password-login for all team members. This way, team members can safely access their account on allowed devices.