.gif)
¶ What is Passkeys?
For some time Google and others in the industry have been working on a simpler and safer alternative to passwords. While passwords will be with us for some time to come, they are often frustrating to remember and put you at risk if they end up in the wrong hands. Last year (2022) — FIDO Alliance, Google, Apple, and Microsoft — announced they would begin work to support passkeys on their platform as an easier and more secure alternative to passwords.
Passkeys are a new way to sign in to apps and websites. They’re both easier to use and more secure than passwords, so users no longer need to rely on the names of pets, birthdays, or the infamous “password123.” Instead, passkeys let users sign in to apps and sites the same way they unlock their devices: with a fingerprint, a face scan, or a screen lock PIN. And, unlike passwords, passkeys are resistant to online attacks like phishing, making them more secure than things like SMS one-time codes.
Passkeys are next-generation account security, by comparing cryptographic secure key pairs making them more secure and reliable, unlike passwords even strengthened by multi-factor authentication / MFA such as One-Time Passcode (OTP).
To make it work, Passkeys requires a device with internet, wifi, and Bluetooth functionality.
¶ Benefit
Better experience. Say goodbye to annoying passwords and MFA/OTP. Password and MFA/OTP security requirements are fulfilled by Passkeys.
Strong credentials. Every passkey is strong. They’re never guessable, reused, or weak.
Safe from server leaks. Because servers only keep public keys, servers are less valuable targets for hackers.
Safe from phishing. Passkeys are intrinsically linked with the app or website they were created for, so people can never be tricked into using their passkey to sign in to a fraudulent app or website.
¶ How to create
Passkeys is a new way that make your experience way more secure and easy rather than password + OTP/MFA. Therefore to make sure a passkeys work safely, you need to create a passkeys by registering your device, and your device has to meet the minimum requirements such as:
- Your personal devices or office devices are delegated specifically to you, not a sharing device.
- Your device has an internet connection and a Bluetooth.
- If you are creating passkeys on another device, make sure it close to each other.
- Has minimum version:
| OS or Software | Minimum Version |
| iOS/iPadOS/tvOS | 16.0 |
| macOS | 13.0 |
| Android | 9.0 (Pie) |
| Windows | 10 |
| Semua Browser | Latest or up-to-date |
Your OTP/MFA feature will automatically activated when you register or use passkeys, and the OTP/MFA feature is a secure backup if you lose your passkeys. If you can't access any of the MFA/OTP options, to recover your account read this guideline or call our Contact Center.
¶ Saat Proses Sign-in
The picture above will show up when you sign in and the system detects that you haven’t registered a passkeys.
1. Click Button “Create a Passkey”
.png)
2. Enter your account password (picture number 1)
3. If your password is valid, the creation passkeys link has been sent to your email (picture number 2).
You can continue your sign-in activity. Please remember that the link is valid only for 1 hour.
.png)
The picture above is a passkeys creation process,
4. The left picture, is the email you will receive, make sure the email is sent from noreply@insw.go.id and the passkeys creation link is on https://sso.insw.go.id. Please be alert and careful about phishing crimes and abuse/fraud via email on behalf of the INSW System. Click the button or copy the link to your browser.
5. The middle picture, is a passkey creation form, give your device a name in “Your Device Name” and click “Create here”. If you find any error, please refresh your page or open it in another browser or device.
6. The right picture, is a passkey creation option/method, choose one of the options and follow your device's next instruction.
- If you choose “Your Device”, the device you use right now, will automatically detect and verify using the device's built-in screen unlock such as fingerprint, etc.
- If you choose “Different Phone or Tablet”, your browser will show a QR Code, scan the QR Code using Camera or QR Scanner app on a Smartphone or a Tablet. Then follow the next instruction on your Smartphone or Tablet, please stay close while the device is processing the creation.
- If you choose “Security Key”, your browser will ask for a Security USB Key to be plugged into your computer/device, when it is plugged in the browser will automatically detect.
- If you choose a device that has logged in/signed in with your account as in the example image above with the name "SM-N960F", your device will receive a notification, please click on the notification to start. This process can potentially fail if your Device “SM-N960F” is too far from your browser, so you should keep it close to your computer/device.
¶ From Your Account Settings
This demo is using a Chrome running on Mac, other browsers or devices may differ.
- Open and Sign in at https://sso.insw.go.id
- When the Sign-in is complete, go to your account on the top right.
- Choose and click on Security Settings
- Choose and click on Multi-Factor Authentication
- Choose and click on Configuration
- Choose and click on Tab Passkeys
- Click the Green Button, “Register New Device” Button
- Enter your device name
- Click the Green Button, “Save New Device” Button
- Follow the browser prompt, to register a new passkey you can choose “Your Device", “Different Phone or Tablet”, “Security Key”, and Your Signed In device such as SM-N960F on the screen recording above.
- If you choose “Your Device”, your device will automatically detect and verify using your screen unlock method.
- If you choose “Different Phone or Tablet”, your browser will show you a QR Code, and you need to scan using your Camera or QR Scanner app on your Phone or Tablet. Then follow the next instructions on your device. This process can fail if your Phone or Tablet is too far from your browser, please stay close to your browser.
- If you choose “Security Key”, your browser will be asking for a Security USB Key to be plugged in, once it is plugged your browser automatically detects it.
- If you choose Your Signed In device such as SM-N960F, your SM-N960F device will receive a push notification and click the push notification to start. This process can fail if your SM-N960F device is too far from your browser, please stay close to your browser.
¶ How to use
NSWid automatically detects whether your account (using username) has passkeys or not. Once your account hasn’t been registered for a passkeys device, NSWid will be asking you do you want to register a passkeys or not.
¶ On the same device
The picture above is the process when,
1. You already have a registered passkey
2. The registered passkeys is the same device used when logging in/sign-in
The device you are using will automatically detect and ask for your confirmation to log in/sign in with passkeys (biometric/screen-lock). The following are the stages of use:
1. Enter your account username and click Next,
2. You will be asked for your passkey and complete authentication with a screen lock or biometrics.
3. Done.
¶ Cross-device
The process of using Cross-device for use is as follows:
1. You already have a passkey registered on another device, for example on your personal smartphone.
2. You log in/sign-in on your laptop (different device).
Demo link: https://www.youtube.com/watch?v=ywQ8bFla-L8
Actual Use of NSWid:
Other devices you use will automatically detect and ask for your confirmation to log in/sign-in with passkeys (biometric/screen-lock). The following are the stages of use:
1. Enter your account username and click Next,
2. You will be asked for your passkey and select the QR Code.
3. Scan the QR Code with your Smartphone or Tablet which contains a passkey
4. You will be asked for confirmation and biometric authentication on your Smartphone or Tablet.
5. Make sure that during the process, your Smartphone or Tablet is close to the other device you are using to login/sign-in.
6. Done.