Passkeys and PlainKey

What is a passkey?

A passkey is a modern way to authenticate without passwords. Users verify their identity with a fingerprint, face scan, PIN, or the push of a button. They can be stored on your phone, computer, in a password manager, or on a physical security key.

Why passkeys?

Passkeys improve both security and user experience.

• Simpler for users - Authentication happens with a fingerprint, face scan, PIN, or security key instead of typing and remembering passwords.
• Resistant to attacks - Passkeys are bound to specific domains and can't be used on phishing sites. Even if a server is breached, there are no passwords to steal or reuse.
• An industry standard - Built on the WebAuthn standard, passkeys are supported by all modern browsers and platforms. They are quickly becoming the expected way to sign in and authenticate on the web.

What is PlainKey?

PlainKey is a passkey service built in Oslo, Norway by Espen Steen. It is hosted in the EU.

PlainKey handles the complex parts of passkey authentication for you: Credential storage, challenge generation, signature verification, and other details of WebAuthn. You use the PlainKey SDK and/or REST API's to easily implement authentication to your site.

PlainKey has been designed with security, privacy, and GDPR compliance in mind.

What PlainKey provides

• Flexible passkey authentication for your website.
  Use it as your primary authentication or as a supplement to your existing authentication system.
• Passkey registration and storage
• Authentication challenges and verification
• SDK and API's for managing passkeys, registration and authentication
• Admin dashboard for managing projects, users, and their passkeys

What you handle

• Your app's UI and user experience
• A few PlainKey SDK methods or API calls
• Your own user database and backend

Getting started

Read the Getting Started guide. You can also try our demo to see a how an app using our SDK looks like in action.