Page 36 - Informatics_January_2025

Technology Update



Passkeys and WebAuthn

Revolutionizing Authentication with the Passwordless Technology




              Edited by C.J. ANTONY



Syamkrishna B.G.
Scientist-C
syam.krishna@nic.in

Amiya Manayath
Scientist-B
amiya.m51@nic.in

Passkeys and WebAuthn are revolutionizing digital authentication by eliminating passwords and enhancing security. WebAuthn, a FIDO2 standard, uses public key cryptography for secure authentication, storing private keys on devices and preventing phishing and credential theft. In Kerala’s Entebhoomi Integrated Land Information Management System (ILIMS) project, passkeys are integrated into the Single Sign-On (SSO) system to ensure secure access to land-related services. With stringent measures like single-passkey registration per user and OTP-based verification, the system balances usability and robust security. As global adoption grows, these technologies promise a safer, passwordless future for digital interactions.

In today’s digital era, securing online identities is more critical than ever. Traditional password-based authentication systems are increasingly vulnerable to cyber threats such as phishing, credential stuffing, and brute-force attacks. In this context, Passkeys and WebAuthn represent transformative advancements poised to redefine authentication paradigms.

What is WebAuthn?

Web Authentication (WebAuthn) is a core component of the FIDO2 (Fast IDentity Online) standard, developed by the FIDO Alliance and the World Wide Web Consortium (W3C). WebAuthn eliminates the reliance on passwords by leveraging public key cryptography. It allows users to authenticate using more secure methods, such as biometrics (fingerprint or facial recognition) or hardware security keys.

At its core, WebAuthn works by:

•  Generating a unique key pair (public and private keys) for every service or application.
•  Storing the private key securely on the user’s device.
•  Sending the public key to the server for authentication.

The server never has access to the private key, reducing the risk of credential theft during breaches.

The Rise of Passkeys

Passkeys build upon the WebAuthn standard to create a seamless, user-friendly authentication experience. A passkey is a passwordless credential tied to a device and secured through biometric or PIN-based verification. It eliminates the need for users to remember complex passwords while maintaining robust security.

Passkeys work by synchronizing between devices via cloud storage—like Apple’s iCloud Keychain or Google Password Manager—ensuring accessibility across platforms while maintaining strong encryption and privacy controls.

Why Passkeys and WebAuthn?

Enhanced Security

•  Protection Against Phishing: Passkeys and WebAuthn are resistant to phishing attacks because they rely on domain-bound credentials that cannot be reused on malicious websites.
•  Elimination of Passwords: By removing passwords entirely, these technologies mitigate risks from weak, reused, or compromised credentials.

Improved User Experience

•  Ease of Use: Users no longer need to create or remember passwords. Authentication becomes as simple as scanning a fingerprint or using facial recognition.
•  Cross-Platform Support: Passkeys work seamlessly across devices, making the user experience consistent and hassle-free.

Compliance and Privacy

•  WebAuthn is designed to comply with global data protection regulations. User credentials are stored locally on devices, ensuring privacy and reducing centralized storage risks.

Devices Compatible with Passkeys

Passkeys are compatible with a wide range of modern devices equipped to handle FIDO2/WebAuthn standards. Smartphones, particularly Android and iOS devices, are highly feasible due to their robust security features, including secure hardware like Android’s Secure Element and iOS’s Secure Enclave for storing cryptographic keys. These devices also feature built-in biometric authentication, such as fingerprint or facial recognition, enabling seamless, secure, and user-friendly passwordless authentication. In addition to smartphones, tablets and laptops with secure hardware (e.g., Secure Enclave, TPM) and biometric capabilities are common choices. Dedicated physical options like hardware security keys (e.g., YubiKey, Google Titan) provide enhanced security for sensitive environments. Furthermore, desktops with compatible biometric devices and cloud-based platforms like iCloud Keychain and Google Password Manager extend passkey functionality, offering cross-platform synchronization and accessibility for modern digital interactions.
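
The key-pair steps under "What is WebAuthn?" and the domain-bound credentials named under "Protection Against Phishing" can be seen in the checks a server runs on each sign-in. The Node.js sketch below is an added example, not part of the original article or of the ILIMS system: it simulates the device side and verifies a simplified assertion on the server side. The relying-party ID, origins and all function names are constructed assumptions, and the binary layout is reduced to the three leading fields of authenticator data.

```javascript
// Added example: simulated authenticator plus relying-party verification.
// RP_ID, ORIGIN and every function name are assumptions, not from the article.
const crypto = require('node:crypto');

const RP_ID = 'sso.example';            // constructed relying-party ID
const ORIGIN = 'https://sso.example';   // constructed expected origin
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Registration: the key pair is created on the device; only the public key leaves it.
function register() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey }, server: { publicKey } };
}

// Device side: the browser, not the web page, supplies the origin and RP ID.
function signAssertion(device, challenge, origin, rpId) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  // authenticatorData = rpIdHash (32) || flags (1, 0x01 = user present) || signCount (4)
  const authData = Buffer.concat([sha256(rpId), Buffer.from([0x01]), Buffer.alloc(4)]);
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: crypto.sign('sha256', signed, device.privateKey) };
}

// Server side: every binding is checked before the signature is trusted.
function verifyAssertion(server, challenge, a) {
  const client = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'bad type';
  if (client.challenge !== challenge.toString('base64url')) return 'challenge mismatch';
  if (client.origin !== ORIGIN) return 'origin mismatch';
  if (!a.authData.subarray(0, 32).equals(sha256(RP_ID))) return 'rpIdHash mismatch';
  if ((a.authData[32] & 0x01) === 0) return 'user not present';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, server.publicKey, a.signature) ? 'ok' : 'bad signature';
}

function demo() {
  const { device, server } = register();
  const challenge = crypto.randomBytes(32);
  const genuine = signAssertion(device, challenge, ORIGIN, RP_ID);
  // A real authenticator would not offer this credential to another RP ID;
  // the server-side checks below are the second line of defence.
  const lookalike = signAssertion(device, challenge, 'https://sso-example.test', 'sso-example.test');
  return { genuine: verifyAssertion(server, challenge, genuine),
           lookalike: verifyAssertion(server, challenge, lookalike),
           replayed: verifyAssertion(server, crypto.randomBytes(32), genuine) };
}
console.log(demo());
```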




              36  informatics.nic.in  January 2025