Posted by Amy Zeppenfeld – Developer Relations Engineer

Passkeys are main the cost in the direction of a safer future with out passwords. Passkeys are a brand new kind of cryptographic credential that leverages FIDO2 and WebAuthn to offer an authentication mechanism that’s phishing-resistant, person pleasant, easy to implement, and safer than password-based authentication. Most main working techniques and browsers now characteristic full passkey help. Passkeys are anticipated to interchange passwords because the predominant authentication mechanism within the not-too-distant future, and builders are suggested to start implementing passkey-enabled authentication options at the moment.

As you implement passkeys in your app or internet service, take a second to implement a passkey endpoints well-known URL.

This can be a standardized strategy to promote your help for passkeys and optimize person expertise. This well-known URL will permit third get together companies like password managers, passkey suppliers, and different safety instruments to direct customers to enroll and handle their passkeys for any web site that helps them. You need to use app-links or deep linking with the passkey-endpoints well-known URL to permit these pages to open straight in your app.

Password administration device utilization has been steadily rising, and we count on most suppliers will combine passkey administration as nicely. You possibly can permit third get together instruments and companies to direct your customers to your devoted passkey administration web page by implementing the passkey-endpoints well-known URL.

The most effective half is that generally you may implement this characteristic in two hours or much less! All it is advisable do is host a easy schema in your web site. Try the instance beneath:

1. For an online service at https://instance.com, the well-known URLwould be https://instance.com/.well-known/passkey-endpoints
2. When the URL is queried, the response ought to use the next schema:

Word: You possibly can determine the precise worth of the URLs for each enroll and handle primarily based in your web site’s personal configuration.

If in case you have a cell app, we strongly advocate using deep linking to have these URLs open the corresponding display for every exercise straight in your app to “enroll” or “handle” passkeys. This can hold your customers targeted and on observe to enroll into passkeys.

And that’s it!

Additional particulars and examples could be discovered within the passkey endpoints well-known URL explainer.