LOS ALTOS, California – June 13, 2023 – Descope, the drag-and-drop authentication platform for developers, today announced product additions that enable developers to easily add passkeys to their existing applications. By adding Descope as an OpenID Connect (OIDC) agent, customers using Amazon Cognito, Auth0, and other identity providers that support federated identity can now add passkeys – as well as other passwordless methods – to their authentication flows with a few minutes of setup.
Passwords are bad for security and usability since they are easy for attackers to brute force but hard for users to remember. Over 80% of web application attacks in 2021 were due to stolen credentials according to the Verizon DBIR report. Since users tend to reuse passwords across sites, credential stuffing attacks continue to be successful, with recent victims being users of PillPack, PayPal, Norton LifeLock, and DraftKings. The cognitive load placed on users with password-based authentication also harms their experience, leading to customer churn and higher acquisition and retention costs.
The rise of passkeys over the past year spells the beginning of the end for passwords. By enabling users to sign in to accounts the same way they unlock their devices (with a fingerprint, face scan, or PINs), passkeys elevate the user experience while removing all the security concerns that passwords bring. However, adding passkeys to an existing authentication flow can be a complex process.
Descope helps developers add passwordless authentication capabilities to their apps with a few lines of code. Descope’s drag-and-drop workflows, SDKs, and APIs abstract away the complexity of authentication so that apps can get to market faster and safer than before.
Customers can now add Descope as an OpenID Connect (OIDC) agent to their identity providers that support federated identity. This enables the addition of passkeys – and other passwordless methods such as magic links, social logins, and OTPs – without any complex configuration changes or code additions. This helps customers:
Improve the user experience by providing an easier onboarding path and merging accounts across authentication methods.
Increase retention by simplifying return logins and avoiding churn due to forgotten passwords.
Enhance security by easily adding multi-factor authentication to existing auth flows.
“We are huge believers in the potential of passkeys,” said Slavik Markovich, Co-Founder and CEO of Descope. “They are virtually unphishable and make the process much easier for end users. With continued support for passkeys from Google, Apple, and Microsoft, user familiarity and adoption will increase in the months to come. Our goal with these product enhancements is to reduce friction for any developers looking to add passkeys to their apps.”
Blog on how to add passkeys to Amazon Cognito user pools.
Descope listing on AWS Marketplace.
Blog on how to add passkeys to Auth0 auth environments.
Sign up for Descope.
Descope helps every developer build secure, frictionless authentication and user journeys for any application. Our no-code workflow builder, SDKs, and APIs abstract away the complexity of authentication so that developers can focus on core product and business goals. Designed by security experts, Descope also stops bot attacks on login pages, prevents account takeover, and enables apps to easily add MFA and step-up authentication. Founded in 2022, Descope is backed by Lightspeed and GGV Capital, and is a member of the FIDO Alliance.
Offleash for Descope