Serverless Passkeys
Frictionless multi factor authentication for web apps. Passkeys are the future and with Passlock you can be up and running in 30 mins - for free! 😎
Why passkeys?
Secure, frictionless authentication
Passkeys are a replacement for passwords. Passkeys verify identity using public key technology, along with facial recognition, fingerprint scanning or PINs.
- Supported by Apple, Google & Microsoft
All the major browsers now support Passkeys. Native biometric authentication is provided by Face ID, Touch ID, Windows Hello & others.
- No more password policies 😍
Infosec practitioners love them, but users hate them. Passkeys eliminate the need for complex password policies, to the certain delight of your users.
- Multi-factor authentication
Ditch email & SMS codes. Forget Google authenticator. Passkeys make secondary authentication factors redundant.
- Cross-device authentication
Use Face ID on an iPhone to sign in on a desktop browser. Passkeys deliver a streamlined sign in experience across multiple devices.
- Immune to phishing
Even if the user wants to, browsers won't use a passkey for anything other than the intended site, negating one of the easiest attack vectors.
- No more forgotten passwords
Private keys can be synced to a user's cloud account e.g. iCloud. Alternatively a backup device can be used for account recovery.
Try Passlock yourself
Passkeys Demo
Note: Your data will be deleted from our servers after 60 minutes. However, your client side Passkey will remain on your device/keychain unless you manually remove it.
const passlock = new Passlock({ tenancyId, clientId })// send token to your backend for verification const { token } = await passlock.registerPasskey({ email: form.email.value, givenName: form.givenName.value, familyName: form.familyName.value })
Why Passlock?
Passkeys in under 30 minutes
We've made it really easy to add primary and multi factor authentication to your web apps using FIDO passkeys. You really can be up an running in under 30 minutes!
- Simple.
- You don't need to know the underlying WebAuthn API or FIDO specs. We handle all the cryptographic stuff for you.
- Use ANY frontend.
- The Passlock client library is framework agnostic, working with anything from vanilla JS through to React/Redux.
- Secure.
- We run on AWS, utilizing many of their enterprise products to protect the confidentiality, integrity and availability of your data.
- Choose ANY backend.
- Node, Python, Go or .NET - it doesn't matter. If you can call a REST endpoint or handle a JWT, you're good.
- No vendor lock in.
- Migrate to another platform or in house solution at any time with full export capabilities, including public key credentials.
%20--%3e%3csvg%20version='1.1'%20id='Layer_1'%20xmlns='http://www.w3.org/2000/svg'%20xmlns:xlink='http://www.w3.org/1999/xlink'%20x='0px'%20y='0px'%20viewBox='0%200%20205.4%2076.7'%20style='enable-background:new%200%200%20205.4%2076.7;'%20xml:space='preserve'%3e%3cstyle%20type='text/css'%3e%20.st0{fill:%2300ACD7;}%20%3c/style%3e%3cg%3e%3cg%3e%3cg%3e%3cg%3e%3cpath%20class='st0'%20d='M15.5,23.2c-0.4,0-0.5-0.2-0.3-0.5l2.1-2.7c0.2-0.3,0.7-0.5,1.1-0.5h35.7c0.4,0,0.5,0.3,0.3,0.6l-1.7,2.6%20c-0.2,0.3-0.7,0.6-1,0.6L15.5,23.2z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg%3e%3cg%3e%3cg%3e%3cpath%20class='st0'%20d='M0.4,32.4c-0.4,0-0.5-0.2-0.3-0.5l2.1-2.7c0.2-0.3,0.7-0.5,1.1-0.5h45.6c0.4,0,0.6,0.3,0.5,0.6l-0.8,2.4%20c-0.1,0.4-0.5,0.6-0.9,0.6L0.4,32.4z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg%3e%3cg%3e%3cg%3e%3cpath%20class='st0'%20d='M24.6,41.6c-0.4,0-0.5-0.3-0.3-0.6l1.4-2.5c0.2-0.3,0.6-0.6,1-0.6h20c0.4,0,0.6,0.3,0.6,0.7L47.1,41%20c0,0.4-0.4,0.7-0.7,0.7L24.6,41.6z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg%3e%3cg%20id='CXHf1q_3_'%3e%3cg%3e%3cg%3e%3cpath%20class='st0'%20d='M128.4,21.4c-6.3,1.6-10.6,2.8-16.8,4.4c-1.5,0.4-1.6,0.5-2.9-1c-1.5-1.7-2.6-2.8-4.7-3.8%20c-6.3-3.1-12.4-2.2-18.1,1.5c-6.8,4.4-10.3,10.9-10.2,19c0.1,8,5.6,14.6,13.5,15.7c6.8,0.9,12.5-1.5,17-6.6%20c0.9-1.1,1.7-2.3,2.7-3.7c-3.6,0-8.1,0-19.3,0c-2.1,0-2.6-1.3-1.9-3c1.3-3.1,3.7-8.3,5.1-10.9c0.3-0.6,1-1.6,2.5-1.6%20c5.1,0,23.9,0,36.4,0c-0.2,2.7-0.2,5.4-0.6,8.1c-1.1,7.2-3.8,13.8-8.2,19.6c-7.2,9.5-16.6,15.4-28.5,17%20c-9.8,1.3-18.9-0.6-26.9-6.6c-7.4-5.6-11.6-13-12.7-22.2c-1.3-10.9,1.9-20.7,8.5-29.3c7.1-9.3,16.5-15.2,28-17.3%20c9.4-1.7,18.4-0.6,26.5,4.9c5.3,3.5,9.1,8.3,11.6,14.1C130,20.6,129.6,21.1,128.4,21.4z'/%3e%3c/g%3e%3cg%3e%3cpath%20class='st0'%20d='M161.5,76.7c-9.1-0.2-17.4-2.8-24.4-8.8c-5.9-5.1-9.6-11.6-10.8-19.3c-1.8-11.3,1.3-21.3,8.1-30.2%20c7.3-9.6,16.1-14.6,28-16.7c10.2-1.8,19.8-0.8,28.5,5.1c7.9,5.4,12.8,12.7,14.1,22.3c1.7,13.5-2.2,24.5-11.5,33.9%20c-6.6,6.7-14.7,10.9-24,12.8C166.8,76.3,164.1,76.4,161.5,76.7z%20M185.3,36.3c-0.1-1.3-0.1-2.3-0.3-3.3%20c-1.8-9.9-10.9-15.5-20.4-13.3c-9.3,2.1-15.3,8-17.5,17.4c-1.8,7.8,2,15.7,9.2,18.9c5.5,2.4,11,2.1,16.3-0.6%20C180.5,51.3,184.8,44.9,185.3,36.3z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/svg%3e)
Plus many other frameworks
How it works
As easy as social sign-in
Our frontend library returns a token that you send to your backend for JWT or REST verification.
Passkey registration
- registerPasskey() - Returns a token that you send to your backend as part of your registration process.
- Verify the token. Your backend code verifies the token is authentic by calling our REST API.
- Link the Passkey ID. Link the Passkey ID with a user in your database.
Frequently asked questions
Passlock is free for personal and commercial use.