
Security Key Authentication

Security keys offer a physical, hardware-based method for secure authentication, adding an extra layer of protection to your account with devices like USB security keys, phones, or other hardware tokens.

Security keys are a physical form of two-factor authentication. They provide a robust, tamper-proof layer of security by requiring a physical device as part of the authentication process. This makes it nearly impossible for hackers to access your account remotely, even if they have your password.

What Are Security Keys?

Security keys are physical devices that authenticate your identity by connecting to your device (via USB, Bluetooth, or NFC – in this demo, I use Bluetooth). The key interacts with your application to confirm that you are who you say you are before granting access.

How It Works Behind the Scenes

  1. Key Registration: During setup, you register your security key with your account, creating a secure association between the device and your account.
  2. Authentication: Upon login, the server issues a challenge to the security key, which uses a private cryptographic key stored on the device to generate a response. The server then verifies this response using the corresponding public key.

By requiring physical possession of the security key, this method offers significant protection against phishing, man-in-the-middle attacks, and other types of account compromise, making it ideal for high-security environments.
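The registration and challenge-response steps above can be modeled in a few lines of Node.js. This is an added example, not this demo's own code and not the WebAuthn wire format: the function names, the user `alice` and the `.example` origins are constructed for illustration, and signing the origin together with the challenge is an assumption modeled on how FIDO2/WebAuthn keys bind a response to the site that requested it.

```javascript
// Added example: simplified model of security-key challenge-response.
// Not the WebAuthn wire format; all names and origins here are hypothetical.
const crypto = require('node:crypto');

// The "security key": the private key never leaves this closure.
function makeSecurityKey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicKey, // handed to the server once, at registration
    // Sign the server's challenge together with the origin the client reports.
    sign: (challenge, origin) =>
      crypto.sign('sha256', Buffer.concat([challenge, Buffer.from(origin)]), privateKey),
  };
}

function makeServer(expectedOrigin) {
  const registered = new Map(); // user -> public key
  const pending = new Map();    // user -> outstanding challenge
  return {
    register: (user, publicKey) => registered.set(user, publicKey),
    issueChallenge(user) {
      const challenge = crypto.randomBytes(32); // fresh and unpredictable
      pending.set(user, challenge);
      return challenge;
    },
    verify(user, signature) {
      const challenge = pending.get(user);
      pending.delete(user); // single use: a replayed response finds no challenge
      const publicKey = registered.get(user);
      if (!challenge || !publicKey) return false;
      const signed = Buffer.concat([challenge, Buffer.from(expectedOrigin)]);
      return crypto.verify('sha256', signed, publicKey, signature);
    },
  };
}

function demo() {
  const server = makeServer('https://app.example');
  const key = makeSecurityKey();
  server.register('alice', key.publicKey);
  const c1 = server.issueChallenge('alice');
  const sig = key.sign(c1, 'https://app.example');
  const genuine = server.verify('alice', sig);
  const replayed = server.verify('alice', sig); // same response sent a second time
  const c2 = server.issueChallenge('alice');
  // A look-alike site relays the challenge; the signature covers the wrong origin.
  const phished = server.verify('alice', key.sign(c2, 'https://app-login.example'));
  return { genuine, replayed, phished };
}
```

Calling `demo()` returns `genuine: true`, `replayed: false` and `phished: false`: the server accepts only a fresh response signed for its own origin.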


How to Set Up and Test Security Keys

Setting up security keys in this demo is straightforward:

  1. Register a Device: Select the security key option from the list of 2FA methods when prompted.
  2. Follow the Instructions: You can register a physical USB security key or a mobile device using Bluetooth or NFC.
  3. Done! Your security key is now securely linked to your account.

To test:

  1. Log out of your account.
  2. On the login screen, select Sign in with security key.
  3. If passkey authentication is the default, press Esc to switch to the security key option. A system popup will appear with options like Use a phone or tablet and USB security key. (Note: This popup is shown only if the necessary devices are detected. Be sure to complete the registration process first.)
  4. Insert or connect your registered security key to complete the authentication process.

Why Security Keys Matter for Startups

  • Ultimate Protection: Security keys provide robust protection against phishing, brute-force attacks, and social engineering, making them one of the most secure authentication methods available.
  • Multi-Device Support: Whether using a USB key, mobile phone, or other hardware devices, security keys offer flexibility and compatibility across devices, ensuring that your users can authenticate from any platform.
  • Scalable: As your business grows, integrating security keys into your authentication system ensures that your users' data remains secure while maintaining a seamless login experience.

Add a physical layer of security to your app with hardware-based security keys—an essential tool for safeguarding sensitive information and ensuring your users’ peace of mind.