Using Passkeys for Signers

Introduction

Passkeys are a modern and secure authentication method designed to enhance security and improve user experience. Passkeys are based on FIDO 2 standards. In the passkey system, a cryptographic key pair is utilized: one private key is kept on the user's device, while the corresponding public key is stored on the server of a website. The private key remains confidential, thereby minimizing the chances of phishing attacks or credential compromise.

Passkeys works with smart phones, laptops or FIDO certified security USB keys. They are widely adopted by major platforms such as Apple, Android, and Microsoft. Passkeys are managed via Apple iCloud’s keyChain, Android’s Google Password Manager, and Microsoft accounts. Web browsers such as Chrome, Safari, and Edge support passkey-based login which allows user to authenticate on websites using the device that stored the passkeys.

To enable this feature, contact our Support Team. Passkeys can only be used with eSigning and In-person transactions.

For a successful passkey creation and authentication ensure the following:

• If you are using both your mobile device and a laptop for passkey creation or authentication, make sure that Bluetooth is enabled on both your laptop and mobile device. Also, make sure your mobile device is in close proximity to your laptop.

• Your phone's screen lock is enabled. For security reasons, passkeys will not work without a screen lock.

• If you are using passkey inside your company, login to your VPN before using passkey.

• If you cannot authenticate using and existing passkey on your device, delete the passkey on your device and go through the passkey creation process again.

• Before creating a passkey, signers must first be authenticated with an existing authentication method (IDV, KBA, SMS, Q&A, or Q&A+SMS).

Supported Transaction Types

Using passkeys with the following transaction types is supported:

• eSigning

• In-Person eSigning

Using passkeys with the the following transaction types is not supported:

• Virtual Room

• In-Person Electronic Notarization

• Remote Online Notarization

Supported Devices, Operating Systems, and Browsers

Using Passkeys

To use passkeys in a transaction the Sender must initiate a transaction using an authentication method. If passkeys for Signers has been activated on the Sender’s account, this will be indicated, but there will not be an option to select passkeys as an authentication method. The decision to use passkeys rests with the Signer, and not the Sender.

After completing the authentication method, Signers will be prompted to generate a passkey. Again, your Signers have the option to refuse, and to use the authentication method used when creating the transaction.

Should a Signer receive another transaction requiring their signature, they can either utilize the passkey they created with the previous transaction, or select the authentication method set by the sender during transaction creation.