Facebook has introduced passkeys as a new sign-in option for its mobile app on Android and iOS platforms, aiming to simplify user authentication while enhancing security. According to the company, passkeys utilize the fingerprint, facial recognition, or PIN commonly used to unlock the device, removing the need for users to remember multiple passwords. Initially available for Facebook, this feature will also be integrated into Messenger in the upcoming months.
Passkeys on Facebook
In a blog announcement, Facebook outlined its adoption of passkeys, a technology developed by the FIDO Alliance. These passkeys are widely recognized as a safer alternative compared to conventional passwords and one-time passwords (OTPs), offering improved resistance to phishing and password-spraying attacks through unique account-specific generation.
With the implementation of passkeys on Facebook, users can log into their accounts on compatible devices using either their Facebook credentials or their biometric data. Verification can be accomplished via fingerprint scanning, facial recognition, or PIN entry.
Currently, the passkeys feature is only available on mobile devices. Users attempting to log in on desktop platforms will still need to enter their username and password for authentication.
Facebook ensures that both passkeys and associated biometric or PIN information are securely stored locally on the device, safeguarding them from visibility by anyone, including Facebook itself. Users can set up and manage their passkeys through the Accounts Centre found under the Settings menu on Facebook. The app may also prompt users to establish a passkey upon logging into their accounts.
Each passkey will be assigned using the user’s confirmed email address as the identifier; if that information is unavailable, a phone number will be utilized instead. Users will not have the option to modify the name associated with their passkey, even if their contact information changes. Additionally, Facebook reassures users that other authentication methods, such as passwords, will remain accessible for account access on devices that do not support passkeys yet.
Beyond just logging in, passkeys will also facilitate the secure autofill of payment details for transactions using Meta Pay. In the coming months, users will also be able to log in to Messenger and secure their encrypted message backups with their passkey.
