Rendered documentation
This page renders the module Markdown and Mermaid directly from the public documentation source.
Overview#
Passwordless Authentication delivers FIDO2/WebAuthn-based passkey authentication with biometric verification and hardware token support. The platform eliminates passwords while achieving high authentication success rates and sub-second login times. Organizations can deploy phishing-resistant, passwordless authentication using platform authenticators (Face ID, Touch ID, Windows Hello), cross-platform authenticators (USB security keys, NFC devices), and hardware tokens (YubiKey, Titan Security Key).
Key Features#
Passkey Registration and Management#
Register passkeys in under 30 seconds using biometric sensors or hardware tokens. Support for multiple credentials per user for backup and multi-device access. User-friendly management interface for renaming, deleting, and prioritizing registered passkeys.
Biometric Authentication#
Native platform biometric integration with Face ID, Touch ID, Windows Hello, and Android biometric APIs. Platform-level liveness detection and secure enclave storage ensure private keys never leave the device. Sub-second authentication from credential presentation to session establishment.
Hardware Token Support#
Full support for FIDO2 security keys including YubiKey (all models), Google Titan, Feitian, and Thetis devices. Hardware tokens provide physical-presence authentication for high-security environments and serve as backup credentials for account recovery.
Cross-Platform Passkeys#
Authenticate on desktop using passkeys stored on mobile devices via FIDO2 cross-platform authentication with secure QR code and Bluetooth pairing. Works across Chrome, Safari, Edge on Windows, macOS, iOS, and Android.
WebAuthn Timeout Management#
The platform applies intelligent timeout handling to WebAuthn credential requests to prevent passkey prompts from hanging indefinitely. An adaptive timeout computation adds a safety buffer to the server-specified timeout while enforcing a maximum ceiling, and an AbortController terminates stalled credential requests when the timeout expires. Separate loading states for password and passkey authentication ensure that one authentication method in flight does not affect the UI state of the other.
Account Recovery#
Multiple recovery methods without security questions or email resets: backup passkeys, synced credentials via iCloud Keychain or Google Password Manager, admin-assisted recovery with multi-factor identity verification, and offline recovery passkeys for complete device loss scenarios.
Zero Phishing Risk#
Public-key cryptography with origin binding prevents credential theft and replay attacks. Private keys are generated and stored in device hardware security modules and never transmitted to the server.
Use Cases#
- Enterprise Authentication: Replace password-based login with phishing-resistant biometric authentication across the organization while maintaining compliance with NIST 800-63B AAL3.
- High-Security Operations: Hardware token enforcement for administrative access, financial transactions, and classified information handling.
- Multi-Device Workers: Authenticate seamlessly across personal and work devices using synced passkeys or cross-platform QR code authentication.
Integration#
Available through authentication API with registration and verification operations. Supports FIDO2 Level 2 certification, NIST 800-63B AAL3, and PCI DSS SCA compliance. Complete audit logs for every passkey action with configurable retention policies.
Last Reviewed: 2026-04-02