Passkeys Are Cool, But They Aren’t Enterprise-Ready

October 13, 2023 at 04:38PM

Passkeys, a passwordless authentication technology supported by major internet firms like Apple, Google, and Microsoft, offer a user-friendly solution for accessing websites and cloud applications. However, for all their usability, they do not meet the control and attestation requirements of large corporations. Passkeys are expected to be integrated into the existing public key infrastructure (PKI) or credential-based system used by enterprises. While passkeys can eliminate the risk of phishing attacks, businesses are still hesitant to adopt them. Passkey providers and identity-and-access-management companies need to address the concerns of enterprises for wider adoption in the corporate world.

The growing support for passkeys means that consumers and small businesses now have an easy-to-use technology for passwordless access to websites and cloud applications. Passkeys are supported by major internet firms like Apple, Google, and Microsoft, which simplifies their use for consumers. However, passkeys may not be suitable for large corporations as they lack the control and attestation necessary in such environments. Passkeys are likely to develop into an optional factor in the current public key infrastructure (PKI) or credential-based system in large corporations.

Major companies like Google, Apple, and Microsoft have already started supporting passkeys in their hardware and software. Passkeys have the potential to eliminate phishing attacks as there are no passwords to steal. Recovering passkeys when a device is lost has been a challenge, but Apple, Google, and Microsoft solve this problem by tying the keys to their services.

Despite the promise of passkeys, businesses are still hesitant to adopt them. Passkeys hold the promise of providing a standardized PKI for companies, but there are four requirements that need to be met: guaranteeing that keys cannot move, solving the recovery problem, working across different devices and browsers, and allowing centralized management of policy for devices.

While some small businesses may mandate the use of passkeys, larger companies are more likely to encounter passkeys as an authentication option for their customers. If the enterprise-use problems of passkeys are solved by passkey providers and identity-and-access-management (IAM) companies, passkeys could become more popular in business settings. IAM companies like Okta focus on managing identities and access privileges, ensuring device security, and supporting a zero-trust approach to security in the workforce identity context.
