WebAuthn Authentication Support in Tiki using Passkeys

Introduced in Tiki 29.
Passkeys offer a modern, secure, and passwordless way to log into your Tiki site. Instead of remembering complex passwords, you can use your device’s built-in authentication—like fingerprint, face recognition, or a PIN—to sign in quickly and safely.

What Are Passkeys?

Passkeys are a new type of login credential based on public key cryptography. They’re:

• Phishing-resistant: No secrets are shared with the server.
• Easy to use: Authenticate with biometrics or device PIN.
• Cross-platform: Sync across devices via services like iCloud or Google Password Manager.

Why Use Passkeys in Tiki?

• Stronger security than traditional passwords.
• Faster login experience for users.
• No need to remember passwords or reset them.
• Works with major browsers and platforms (Chrome, Edge, Safari, Android, iOS, Windows, macOS).

How to Enable Passkey (WebAuthn) in Tiki

Note: This feature is available in tiki29 and above.
Make sure your site uses HTTPS and is served from a secure domain.

• Go to Settings → Control Panels → Global Setup → Registration & Log in
• Enable Advanced features, the Enable WebAuth by checking it on.
• Save changes by clicking "Apply"

How to Register a Passkey (User Steps)

• Log into your Tiki account the usual way.
• Go to System Menu → Webauthn
• Click Register Device

• Follow the prompts to register your device (you may be asked to use Face ID, fingerprint, or a PIN).
• Once d You can now log in using your passkey.

Logging In with a Passkey

• Visit your Tiki login page.
• Input your Tiki user name, check Webauth Login and click Log in
• Choose your device or browser-stored credential.
• Authenticate using your device (biometrics or PIN).

Managing multiple devices

Once you have registered your first passkey, you are able to add additional devices or browsers to your account.

On each device or browser:

• Visit your Tiki login page and login into your Tiki account using your existing authentication method (Webauth Login or Password)
• Go to System Menu → Webauthn and click "Register Device"
• Follow the prompts to register your device

You may need to give a recognizable name to your device for easy identification.

To view all the registered devices: Go to System Menu → Webauthn.

What happens if devices are lost?

Before using passkeys ensure you know your Tiki password and your email is address is up-to-date for password recovery.

If you lose a device:

• Log in from another registered device or using your Tiki password
• Make sure to remove the lost device from System Menu → Webauthn authenticators list, this prevents the lost device from being used to access your account.

If you lose all devices AND forget your password, contact your Tiki site administrator.

Compatibility

Passkeys work on:

• Browsers: Chrome, Safari, Edge, Firefox (latest versions)
• Platforms: Windows, macOS, Android, iOS
• Password managers: iCloud Keychain, Google Password Manager, 1Password, etc.

Note that some engines ports or browsers haven't implemented this feature yet, including WebKitGTK / WPE / Epiphany: https://gitlab.gnome.org/GNOME/epiphany/-/issues/1007 depends on https://bugs.webkit.org/show_bug.cgi?id=205350

Related readings

• Developper documentation
• Why MFA is getting easier to bypass and what to do about it
• Will passkeys ever replace passwords? Can they?
• How passkeys work
• General concept explanation video by Google Chrome: Understand passkeys in 4 minutes