Passkeys

Introduction

Passkeys, or Web Authentication, is a modern web standard that facilitates secure logins to websites and applications using various authentication methods, including a security key, fingerprint, or other biometric options (such as Windows Hello, Apple Touch ID/Face ID, Yubico YubiKey, etc.).

Passkeys provide a more secure and user-friendly authentication experience by eliminating the need for passwords. They enhance security by leveraging devices like security keys, making the authentication process resistant to phishing attacks.

Prerequisites

Before integrating Passkeys, ensure that your application meets the following prerequisites:

  • HTTPS is enforced for myDBR
  • Users have a compatible device for authentication

Preparation

Setting up Passkeys involves users navigating to Settings and registering a security key. Once registered, a public key for the user is stored in myDBR. Users have the flexibility to store multiple keys if needed, for example, when the server serves reports for multiple hostnames.

With Passkeys, users can log in without a password, leveraging biometric authentication. When using Passkeys, enabling the 'Remember Me' checkbox on the login screen stores the username in the browser. This prompts myDBR to initiate biometric authentication as soon as the user accesses the login screen.