This paper explores the emerging practices surrounding the use of synced passkeys which allow passkey use across multiple devices by syncing the passkeys over the cloud, specifically addressing the initial choices and considerations for service providers (aka relying parties or RPs). These practices are in their early stages and are likely to progress, since operating systems, browsers, and passkey providers are still in a phase of enhancing functionality. This document outlines crucial areas such as registration, authentication, passkey management, and accessibility for RPs to consider and presents a range of emerging approaches for adopting this technology. The objective is to guide RPs through these budding strategies, acknowledging that the specifics of ensuring secure and convenient passkey usage may evolve as the digital landscape continues to advance.
This paper is written with independence for each section, allowing readers to read specific topics of interest without the need to read the entire paper from the beginning.
This white paper is intended for various stakeholders of relying parties, including non-developers, such as information security executives, product owners, identity and access management practitioners, UI/UX designers, and accessibility practitioners.
