Amazon adds passkey support as new passwordless login option


Amazon has quietly added passkey support as a new passwordless login option for customers, offering better protection from information-stealing malware and phishing attacks.

Passkeys are digital credentials that let you use biometric controls or PINs linked to a device, such as phones, computers, and USB security keys, to log in to websites.

Using passkeys significantly reduces the risk of network and data breaches, as well as compromised accounts. Passkeys act as a safeguard against phishing attacks and information-stealing malware, preventing the theft of authentication information.

From a user standpoint, passkeys also make it significantly easier to log in to an account, as you no longer need to use a password manager or memorize distinct passwords for each site.

Amazon adds passkey support

Amazon recently added a new section in the Your Account > Login & security settings that lets you generate a passkey that can be used to log in to the site.

Passkey setting page on Amazon
Passkey setting page on Amazon
Source: BleepingComputer

Once you click on the ‘Set up’ button on Amazon, you will be prompted to either use Windows Hello, a security key, or your mobile device to generate the passkey.

Create a passkey
Create a passkey
Source: BleepingComputer

In our tests setting up an Amazon passkey, we did so on Google Chrome and Microsoft Edge using a Yubikey to generate the passkey but were unable to use a Google Titan security key. We were also unable to get this feature to work on Mozilla Firefox.

Furthermore, we could use Windows Hello on Windows 11 to create a passkey, but Windows 10 does not support this feature.

Once the passkey is generated, on the next login, you will be prompted as to whether you wish to enter your password or “Sign in with a passkey,” as shown below.

Sign in with a passkey
Source: BleepingComputer

Once we clicked on the sign in with a passkey option, we were asked to enter a pin and then touch our Yubikey, which logged us into Amazon.

It is important to note that setting up a passkey does not prevent using your password to log in to the account as well.

However, passkeys are more secure, so they allow you to bypass entering your passwords and potentially put them at risk if entered on a phishing landing page.

While passkey support on Amazon is a big step forward in security and ease of use, it does not come without some issues.

For example, unlike other passkey implementations, Amazon does not let you name or manage passkeys individually. Instead, they are lumped together, and if you want to delete a passkey, you have to delete all of them,

Furthermore, as all of Amazon’s geographic sites are treated as different security boundaries, any passkeys you make at one Amazon site will not be usable at Amazon sites in other regions.

More sites go passwordless

Passkeys are becoming an increasingly popular feature, with many companies now supporting the feature.

Last week, Google announced that they are making passkeys the default sign-in option for accounts, and Microsoft added a dedicated passkey manager to their latest Windows 11 22H2 ‘Moment 4’ update.

Yesterday, WhatsApp announced on Twitter that Android users will soon be able to use passkeys to log into WhatsApp.

“Android users can easily and securely log back in with passkeys ​ only your face, finger print, or pin unlocks your WhatsApp account,” tweeted WhatsApp.

Other well-known sites supporting passkeys include BestBuy, eBay, Paypal, and GoDaddy.





Source link