Skip navigation
Product & Engineering

Bringing Passkeys to Admin Panel Login

For many Duo Security administrators, logging into the Duo Admin Panel is part of your everyday work. From unlocking a user to configuring a new policy, you need to get in quickly and securely to protect your organization. Recently, we released passkeys for the admin panel to make this workflow even easier and more secure.

What is a passkey?

A passkey is a phishing-resistant cryptographic keypair you register for web-based authentication. It’s the strongest authentication method available today, which is why you see passkeys moving to replace passwords altogether.

“Passkeys cannot be phished, so they transfer the possibility of detecting whether a link is valid away from the end user.” – Matt Brooks, Cisco Duo Product Marketing Manager

Passkeys are built on WebAuthn technology so you can use all the methods you’re used to — like security keys, TouchID, WindowsHello — as well as a few more like mobile phones and password managers. Not all browsers support all verification methods on a given operating system, so for the widest compatibility we recommend Chrome or the browser that came with your operating system.

Table showing what browsers Duo passkeys support. Chrome supports all passkey options, Edge supports most passkey options and will support the remainder in the future, Firefox doesn't support MacOS TouchID or Android Biometrics, and Safari doesn't support Windows Hello or Android Biometrics.
As of July 2023

For a deeper dive into passkeys and their benefits, read 'What are Passkeys?’ by Matt Brooks.

Easier-to-use login experience

While adding passkeys to admin panel login, we also took action on your feedback to make admin login easier to use. Starting in July 2023, administrators will start to see a new login experience that more closely resembles the Universal Prompt experience. In addition, admins can choose to remember their last used login method so that they are automatically prompted after entering their password without an extra click.

 

Switching administrators to passkeys

We’re encouraging all admins to make the switch to passkeys for a more secure Duo Admin Panel. While Duo has had more secure methods like Yubikey and hardware token support for a long time, investing in hardware for your admin team can be expensive and difficult to manage. The advantage of passkeys is that they already come with devices your administrators have today. Even if your administrators’ laptops do not have biometric support, admins can use their mobile phone as an authentication device without needing to download an app.

Passkeys are enabled by default for Admin Panel access. Owners can change this setting under the Admin Login Settings page in the Administrators section of the Admin Panel.

Since launching, we’ve seen over 15,000 passkeys added. Register a passkey in the admin panel today for an easier and more secure login. As always, we recommend having at least two authenticators tied to your account, so that you’re never locked out. You can register up to 100 passkeys and rename them from your admin profile.