Passkeys get more uptake for enterprise, public sector applications

Oracle Cloud Infrastructure Identity and Access Management (OCI IAM) will support passkeys for passwordless authentication.

Compliant with the FIDO2 standard, passkeys pair private and public components of a cryptographic key to verify users. The private key is stored on a user’s device, behind its biometric safeguards. This lowers the risk of data and credential exposure via phishing, brute force attacks, and other methods of digital fraud.

“Passkeys are typically protected by your device biometric or PIN,” said Oracle in a blog post announcing the introduction of passkeys in OCI IAM. “So, even if the device is stolen, passkeys are protected against improper use.”

Joining a growing chorus of organizations moving away from traditional passwords, the post goes on to say that passkeys “eliminate the need to remember complex passwords altogether. You only need to possess your passkey enabled device, such as a smartphone, to authenticate.”  That growing chorus includes launches by X and LinkedIn for consumers and Microsoft for enterprise users.

Passkeys picked up for public sector use

Trusona has partnered with Carahsoft Technology Corp. to make the Trusona Authentication Cloud, a passkey-as-a-service platform, available to the public sector.

Carahsoft’s reseller partners who signed contracts as part of the deal include Information Technology Enterprise Solutions – Software 2 (ITES-SW2), National Association of State Procurement Officials (NASPO) ValuePoint, OMNIA Partners and NASA Solutions for Enterprise-Wide Procurement (SEWP).

According to a release from Carahsoft, the Trusona Authentication Cloud allows organizations to “deploy passkeys to their websites and achieve MFA compliance with phishing-resistant security.”

“Since passkeys remove the need for legacy 2FA methods such as SMS OTP,” says the release, “agencies can reduce their SMS transaction spend by as much as 50 percent.” Per Carahsoft’s website, Trusona Authentication Cloud is available through Carahsoft’s ITES-SW2 Contract W52P1J-20-D-0042, NASPO ValuePoint Master Agreement #AR2472, The Quilt Master Service Agreement Number MSA05012019-F and SEWP V contracts NNG15SC03B and NNG15SC27B.

Trusona, which is part of the FIDO Alliance board, will co-present a webinar on how to add passkeys to applications and systems working with outdated identity protocols. Strata Identity, which offers “Identity Orchestration” services, will also participate in the presentation. According to a release, attendees can expect to learn how to use Strata’s Maverics Identity Orchestration Platform to decouple identity from legacy apps, so Trusona’s passkey-as-a-service platform can be added to apps that do not support modern ID protocols such as OIDC and SAML.

The 30-minute online webinar takes place Thursday, September 14 at 1pm ET. Interested parties can register to attend the virtual event here.

Article Topics

biometrics  |  Carahsoft  |  enterprise  |  identity access management (IAM)  |  Oracle  |  passkeys  |  passwordless authentication  |  Trusona