Scalekit now supports Passkeys — a modern, passwordless authentication method built on FIDO2® standards (WebAuthn and CTAP).
Passkeys replace passwords with biometric authentication such as fingerprint, face recognition, or device PINs, allowing users to log in securely and effortlessly.
With this release, Scalekit customers can enable passkey-based authentication directly from the Scalekit Dashboard, giving end users a phishing-resistant, cross-device, and one-tap login experience.
Why Passkeys matter
Passwords were not designed for the speed, automation, or threat landscape of modern applications. AI-driven attacks can now guess, phish, or replay credentials at scale, while users still struggle with password resets and recovery loops.
Passkeys solve this by replacing shared secrets with asymmetric cryptography.
Each user’s device generates a public-private key pair, ensuring:
- The private key never leaves the user’s device.
- The public key is stored securely on the server.
- Each login creates a unique, one-time cryptographic signature.
This means authentication cannot be intercepted, reused, or phished — making passkeys one of the most secure and user-friendly login methods available today.
Key benefits
Phishing-proof login
- Each login uses cryptographic verification, not passwords or one-time codes.
- Protects against phishing and credential stuffing attacks.
Seamless user experience
- Users sign in with fingerprint, face scan, or PIN.
- No passwords to remember or reset.
Cross-device continuity
- Passkeys sync securely via iCloud Keychain or Google Password Manager.
- Users can log in instantly from any trusted device.
Faster onboarding
- Combine passkeys with magic links or social logins.
- Reduce signup friction and boost conversion rates.
Low-effort integration
- Enable passkeys directly within your Scalekit Auth setup.
- No infrastructure rebuilds or complex migrations required.
What’s new
Scalekit customers can now:
Enable Passkeys in the dashboard
- Navigate to Scalekit Dashboard → Authentication → Auth Methods → Passkeys → Enable.
- Passkey registration and login will automatically be supported for your users.
Allow users to manage their Passkeys
- Users can register and manage passkeys through Scalekit’s hosted UI.
- Simply redirect them from your app to:
<SCALEKIT_ENVIRONMENT_URL>/ui/profile/passkeys - On this page, users can register new passkeys, view existing ones, or remove them when needed.
Build custom management interfaces
For teams that prefer a fully branded experience, Scalekit offers APIs to:
- List a user’s registered passkeys.
- Rename existing passkeys.
- Remove passkeys entirely.
- Passkey registration itself remains supported through Scalekit’s UI for compatibility and security consistency.
Login with Passkeys
- Once registered, users can select “Passkey” on the login page.
- Scalekit’s backend authenticates the passkey through the browser’s native WebAuthn API, prompting the user to verify with their biometric or device PIN.
- Passkeys can function as a standalone login or as an additional method alongside magic links, verification codes, or social logins
Introduce Passkeys to your app, today! Learn more with docs.
