History: Passkey
Source of version: 5
Copy to clipboard
! WebAuthn Authentication Support in Tiki using Passkeys
[https://gitlab.com/tikiwiki/tiki/-/merge_requests/6997|Introduced in Tiki 29.]
Passkeys offer a modern, secure, and passwordless way to log into your Tiki site. Instead of remembering complex passwords, you can use your device’s built-in authentication—like fingerprint, face recognition, or a PIN—to sign in quickly and safely.
!! What Are Passkeys?
Passkeys are a new type of login credential based on public key cryptography. They’re:
* __Phishing-resistant__: No secrets are shared with the server.
* __Easy to use__: Authenticate with biometrics or device PIN.
* __Cross-platform__: Sync across devices via services like iCloud or Google Password Manager.
!! Why Use Passkeys in Tiki?
* Stronger security than traditional passwords.
* Faster login experience for users.
* No need to remember passwords or reset them.
* Works with major browsers and platforms (Chrome, Edge, Safari, Android, iOS, Windows, macOS).
!! How to Enable Passkey (WebAuthn) in Tiki
__Note__: This feature is available in ((tiki29)) and above.
Make sure your site uses HTTPS and is served from a secure domain.
* Go to Settings → Control Panels → Global Setup → Registration & Log in
* Enable Advanced features, the __Enable WebAuth__ by checking it on.
* Save changes by clicking "__Apply__"
{img fileId="2207" stylebox="border: 1px solid #000" width="787"}
!! How to Register a Passkey (User Steps)
* Log into your Tiki account the usual way.
* Go to My Account → Security Settings
* Click Add a Passkey
* Follow the prompts to register your device (you may be asked to use Face ID, fingerprint, or a PIN).
* Done! You can now log in using your passkey.
!! Logging In with a Passkey
* Visit your Tiki login page.
* Click Sign in with Passkey
* Choose your device or browser-stored credential.
* Authenticate using your device (biometrics or PIN).
* You’re in!
!! Compatibility
Passkeys work on:
* Browsers: Chrome, Safari, Edge, Firefox (latest versions)
* Platforms: Windows, macOS, Android, iOS
* Password managers: iCloud Keychain, Google Password Manager, 1Password
!! Related readings
* [https://dev.tiki.org/Passkey|Developper documentation]
* [https://arstechnica.com/security/2025/05/phishing-attacks-that-defeat-mfa-are-easier-than-ever-so-what-are-we-to-do/|Why MFA is getting easier to bypass and what to do about it]
* [https://www.theregister.com/2024/11/17/passkeys_passwords/|Will passkeys ever replace passwords? Can they?]
* [https://blog.google/inside-google/googlers/ask-a-techspert/how-passkeys-work/|How passkeys work
]