How Passkeys Are Redefining Online Security

Imagine signing into your favorite platforms with just a quick glance at your screen—no more juggling complex passwords or tapping through multiple authentication steps. This seamless vision is now a reality, thanks to an emerging standard called passkeys.

Recently, we sat down with Enonic’s Software Architect, Sergey Rymsha, to discuss how passkeys are set to transform online security and user experience. Here’s what we learned.

What Are Passkeys?

Passkeys are a secure and user-friendly authentication method. With the traditional password, you typically write a string of characters you can barely remember or that may be compromised in a password leak.

Passkeys, on the other hand, make use of the existing security methods built into your device—such as Face ID, Touch ID, fingerprint recognition, or PIN. Thus Google calls passkeys an “easier and more secure alternative to passwords.”

Under the hood, security is hard, but passkeys put the burden on the technology—not the user. Just show your face or fingerprint, and you’re in!

Passkeys are based on FIDO2 technology. This is a standard created by industry giants like Apple, Google, and Microsoft, together with organizations like the FIDO Alliance and the World Wide Web Consortium (W3C).

See also: What’s Cooking? Enonic AI Content Agent »

Why Passkeys Matter for Enonic

At Enonic, ensuring secure access to business-critical systems is a top priority. We are constantly evaluating cutting-edge security measures that enhance user experience while raising the bar on security. Passkeys fit perfectly into this mission for several reasons:

1. Broad Integration: Many of the services Enonic relies on, such as Google and GitHub, already offer passkey support. This means that adding passkey-based authentication to your Enonic XP instance is a natural next step.
2. Simplified Authentication: By using passkeys, logging into our platform through Google or other integrated services becomes as simple as a glance at your smartphone or a quick fingerprint scan. This ease of use is a game-changer for both developers and end-users.
3. Enhanced Security: While two-factor authentication (2FA) was a major leap forward in securing accounts, it’s not bulletproof. Phishing attacks and other vulnerabilities can still trick users into sharing codes. Passkeys eliminate these risks entirely by removing the need for human-readable secrets—no more typing or tapping codes that could be intercepted.

Don’t miss: Build a fast and modern site with Next.js and headless CMS »

What’s Next?

For developers, businesses, and organizations seeking to stay ahead in the security landscape, now is the time to embrace passkeys. Start migrating your authentication flows where possible, and build on these technologies to keep your accounts and systems safe.

After all, passkeys are the culmination of decades of cryptographic innovation—now delivered in an interface as simple as a smile.

In short: Passkeys are here, they’re simpler, and they’re more secure. Don’t miss the opportunity to adopt this new standard and step confidently into a passwordless future.