Passkey Plus

Next-generation passwordless authentication that works alongside your existing solutions

Passkey Plus

The Future of Authentication is Here

AuthAction's Passkey Plus is a modern passwordless authentication solution that leverages FIDO2/WebAuthn standards to provide highly secure, phishing-resistant authentication without the hassles of traditional passwords.

Passkey Plus can be easily integrated alongside your existing authentication solutions, allowing users to choose their preferred login method while enhancing security through modern authentication protocols. It works both during the login process and as an additional security layer in settings pages, where users need to re-authenticate for sensitive operations.

Request Demo View Documentation API Reference

Why Passkey Plus?

The evolution beyond passwords offers significant benefits

Enhanced Security

Passkeys use public key cryptography, making them significantly more secure than passwords and resistant to phishing, replay attacks, and database breaches.

Better User Experience

No more forgotten passwords or complex password requirements. Users can authenticate with a simple biometric verification or device PIN.

Cross-Platform Support

Passkeys work across devices and platforms, syncing securely via the cloud to provide a consistent authentication experience everywhere.

Key Features

What makes Passkey Plus the best passwordless solution

Biometric Authentication

Leverage the security of fingerprint, face recognition, or other biometric methods built into users' devices.

  • Fingerprint scanning
  • Facial recognition
  • Device PIN fallback

Cross-Device Sync

Passkeys sync securely across a user's devices, providing a seamless experience across phones, tablets, and computers.

  • iCloud Keychain support
  • Google Password Manager
  • Other password managers

Phishing-Resistant

Passkeys are bound to the origin website, making them immune to phishing attacks that plague traditional passwords.

  • Origin binding
  • Cannot be stolen or reused
  • Server verification

Flexible Integration

Easily integrate with your existing authentication systems, allowing for gradual adoption and coexistence.

  • Works alongside passwords
  • Optional step-up authentication
  • Gradual rollout support

Universal Standard

Built on FIDO2/WebAuthn standards, supported by major platforms and browsers for wide compatibility.

  • W3C WebAuthn standard
  • FIDO Alliance certified
  • Major browser support

Analytics & Reporting

Gain insights into passkey adoption, usage patterns, and authentication success rates.

  • Adoption metrics
  • Authentication analytics
  • Custom reporting

How It Works

Seamless registration and authentication with Passkey Plus

Registration

  1. User chooses to create a passkey during sign-up or in account settings
  2. Browser or operating system presents a passkey creation prompt
  3. User authenticates with their biometric or device PIN
  4. A new cryptographic key pair is generated on the device
  5. Public key is sent to AuthAction; private key stays on user's device
  6. Passkey is securely synced across the user's devices (if supported)

Authentication

  1. User visits your application and clicks "Sign In"
  2. Your application requests authentication via AuthAction's Passkey Plus
  3. User is prompted to authenticate with their passkey
  4. User confirms with biometric or device PIN
  5. Passkey creates a cryptographic signature that can only be verified with user's public key
  6. AuthAction verifies the signature and authenticates the user 
// Example Frontend JavaScript implementation
import { AuthActionPasskey } from '@authaction/passkey-plus-sdk';

// Initialize Passkey Plus
const passkeyPlus = new PasskeyPlus({
  tenantDomain: "your-tenant.region.authaction.com",
  appId: "your-passkey-plus-app-id",
});

// Get transaction id from your backend application using AuthAction API and register passkey
// Verify nonce with your backend application
async function registerPasskey(transactionId) {
  try {
    const nonce = await passkeyPlus.register(transactionId);
  
    return nonce;
  } catch (error) {
    console.error('Registration error:', error);
  }
}

// Get transaction id from your backend application using AuthAction API and authenticate with passkey
// Verify nonce with your backend application
async function authenticateWithPasskey(transactionId) {
  try {
    const nonce = await passkeyPlus.authenticate(transactionId);
    
    return nonce;
  } catch (error) {
    console.error('Authentication error:', error);
  }
}

Frequently Asked Questions

Common questions about Passkey Plus

If a user's passkeys are synced across their devices through a cloud service like iCloud Keychain or Google Password Manager, they can simply use another device to authenticate. For users without synced passkeys, we provide account recovery options including email verification, backup codes, or other recovery methods you configure.

Passkey Plus is designed to work alongside your existing authentication systems, allowing for a gradual transition. You can offer passkeys as an alternative login method or additional security layer. Many organizations start by implementing passkeys as an option and gradually transition to a passwordless-first approach as user adoption increases.

Passkeys are supported across major platforms including iOS, Android, Windows, and macOS, and in all major browsers like Chrome, Safari, Firefox, and Edge. Our solution includes fallback mechanisms for older browsers or devices that don't support the WebAuthn standard. We provide detailed compatibility information in our documentation to help you understand support across your user base.

Passkeys are significantly more secure than traditional passwords. They use public-key cryptography, where the private key never leaves the user's device and cannot be extracted. This makes them immune to common attacks like phishing, credential stuffing, and database breaches. Each passkey is unique to the website it was created for, so even if an attacker somehow obtained the passkey, they couldn't use it on a different site.

Ready to go passwordless?

Experience the security and convenience of Passkey Plus with a free trial. Enhance your authentication system today!

Start Free Trial View Pricing