March 14, 2023
May 22, 2023

Passkeys are a replacement for passwords: cryptographically generated digital credentials, introduced by FIDO2 WebAuthn, a modern authentication technology, that are tied to user accounts and to specific websites or applications. Passkeys eliminate the need for users to remember complex passwords, reducing the risk of weak passwords or password reuse. Moreover, passkeys can mitigate the risk of password-related attacks such as phishing, brute-force attacks, and credential stuffing, as they are typically generated dynamically and not easily replicated or reused.

Operating systems and web browsers, such as Google Chrome, Opera, and Mozilla Firefox, have built-in support for WebAuthn passkeys, which allows websites to request passwordless authentication using devices such as security keys, fingerprint readers, or other biometric devices. This enables users to authenticate without needing passwords directly within the browser, making the authentication process more secure, convenient, and user-friendly.

How do passkeys work?

Websites can use a user's passkey manager to generate and store a unique passkey for each user and site, eliminating the need for passwords. Passkeys use cryptographically secure public-key cryptography; the key is stored on the user's device and is managed by the device's passkey manager.

Creating and using passkeys is simple and secure. Once the user requests registration on a passkey-compatible website or application, the passkey manager creates and stores a credential upon the user's confirmation via methods such as biometrics. When the user returns to the website or app to sign in, the passkey manager presents the available passkeys; the user selects one and confirms with a biometric to log in. We visually demonstrate the steps later in this article. Passkeys can be accessed across multiple devices, with authorized copying of passkeys between devices usually done over the cloud.

IDmelon: The Ultimate Solution for Passkey Management

Passkey managers, also known as passkey management solutions, are tools or services that enable the generation, storage, and management of passkeys for passwordless authentication. As a pioneer in the field of FIDO2 passwordless authentication, IDmelon is committed to delivering cutting-edge solutions that provide secure and convenient authentication experiences for users. 

Starting with Android 14, IDmelon can be registered on Android OS as a passkey manager. With the IDmelon Android application, registering and logging in with a passkey is as easy as a biometric confirmation. The following steps are required for registration:

  1. Tap the "register with passkey" button in the desired application
  2. Click the "Create a Passkey" button
  3. Confirm the biometric

[Image: Register a passkey]

Once registered, the login process requires simple steps:

  1. Click the sign-in/log-in button in the desired application
  2. Choose the correct registered passkey
  3. Confirm the biometric

[Image: Login with a passkey]

Leveraging passkeys on desktop browsers

IDmelon's passwordless orchestration platform (IPOP) allows registered passkeys to be synced across all of a user's connected devices, enabling seamless and effortless login experiences across multiple devices. We also support the newly developed WebAuthn standard protocol known as "Hybrid Transport" to bring passkeys to the browser for passwordless authentication.

After the user scans the QR code with the IDmelon app on a smartphone, the browser and the IDmelon app first communicate over Bluetooth to confirm proximity. The IDmelon app and the browser then establish a connection over a negotiated WebSocket. At the start of the connection, both parties perform a handshake based on the Noise protocol, during which they generate a pair of keys that will be used to encrypt the main data. All data exchanged between the IDmelon app and the web browser is encrypted using the AES/GCM algorithm. This feature is currently supported on the latest versions of Google Chrome, Microsoft Edge, and Apple Safari browsers.
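
The key agreement and AES/GCM framing described above can be sketched in Node.js. This is an added example, not IDmelon's code and not the Noise handshake itself: it substitutes a plain X25519 exchange plus HKDF, and `qrSecret`, the `demo-tunnel` label and the function names are assumptions made for the illustration.

```javascript
// Added example: simplified stand-in, not the Noise handshake itself.
const crypto = require('crypto');

// Each side makes a fresh (ephemeral) X25519 key pair for one session.
const newParty = () => crypto.generateKeyPairSync('x25519');

// Derive the pair of session keys: one AES-256-GCM key per direction.
// qrSecret is a hypothetical out-of-band value shared by scanning the QR code.
function deriveSessionKeys(myPrivate, peerPublic, qrSecret) {
  const shared = crypto.diffieHellman({ privateKey: myPrivate, publicKey: peerPublic });
  const okm = Buffer.from(crypto.hkdfSync('sha256', shared, qrSecret, 'demo-tunnel', 64));
  return { browserToPhone: okm.subarray(0, 32), phoneToBrowser: okm.subarray(32) };
}

// 96-bit nonce from a per-direction message counter: never reused under one key.
function nonceFor(counter) {
  const nonce = Buffer.alloc(12);
  nonce.writeBigUInt64BE(BigInt(counter), 4);
  return nonce;
}

// Encrypt one frame; output is ciphertext followed by the 16-byte GCM tag.
function seal(key, counter, plaintext) {
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonceFor(counter));
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([body, cipher.getAuthTag()]);
}

// Decrypt one frame. Returns null when the tag check fails: altered bytes,
// a frame replayed at another counter, or a key from a different session.
function unseal(key, counter, frame) {
  if (frame.length < 16) return null;
  const split = frame.length - 16;
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, nonceFor(counter));
  decipher.setAuthTag(frame.subarray(split));
  try {
    return Buffer.concat([decipher.update(frame.subarray(0, split)), decipher.final()]);
  } catch {
    return null;
  }
}

// Constructed session: both sides derive the same keys from opposite halves.
const browser = newParty(), phone = newParty(), qrSecret = crypto.randomBytes(16);
const atBrowser = deriveSessionKeys(browser.privateKey, phone.publicKey, qrSecret);
const atPhone = deriveSessionKeys(phone.privateKey, browser.publicKey, qrSecret);
const frame = seal(atBrowser.browserToPhone, 0, Buffer.from('constructed request'));
console.log(unseal(atPhone.browserToPhone, 0, frame).toString()); // round trip
console.log(unseal(atPhone.browserToPhone, 1, frame)); // wrong counter is rejected
```

Because GCM authenticates every frame, a relay that carries the WebSocket traffic can neither read nor silently modify it; any change surfaces as a failed tag check on the receiving side.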

See below how IDmelon supports registering a passkey for a relying party in the Chrome browser using a smartphone.

[Image: Register a passkey on Chrome browser]

By initially pairing your mobile device and browser, subsequent uses only require a single click for registration or login, making the process seamless and efficient.

[Image: Login with a passkey on Chrome browser]

IDmelon is excited to announce the upcoming integration of its passkey manager with Android 14 through the smartphone application. This cutting-edge feature will be available to our customers as soon as Android 14 is released. In addition, our customers can now experience seamless authentication for web applications using their smartphones thanks to the utilization of the WebAuthn standard protocol and hybrid transport. While the latest version of the IDmelon Android app already supports hybrid transport, the passkey manager with IPOP will become fully available to users after the Android 14 release.