• Ideas

  • [SUGGESTION] Passkey-Support

Hi,

mit iOS 17 und Android 14 werden Passkeys anstelle von Passwörtern immer verbreiteter - vielleicht könnte man diese als zusätzliche Sicherheit für den Login im Web oder auf einem neuen Handy einführen.

Man könnten den Login so umbauen, dass es anstellen des 6 stelligen Codes für den erstmaligen Login ein Passkey und/oder die Selfi- Verifikation erforderlich ist.

Der 6 stellige Code, der vielleicht auf einen 8 stelligen Code als Option anwachsen könnte, dient dann zur Bestätigung von erneuten Logins auf dem bekannten Gerät und zur Freigabe von Transaktionen.

Wäre vielleicht eine zusätzliche Sicherheitsstufe.

Was haltet ihr von Passkeys?

    Thijs changed the title to [SUGGESTION] Passkey-Support.

      Hey there, @NetRunner20#284080 👋
      That's an excellent suggestion! We should assess the level of interest from other bunq users to determine if they share the same appreciation! 😊

        @NetRunner20#284080 Passkey support would be great! Windows and iOS already support it, if Android also supports it with Android 14 I see no reason for bunq to not support it!

          Sehe ich auch so. Das wäre großartig.

            Would be really cool if this can be supported! Thanks for suggesting this @NetRunner20 !

              Definitely looking forward to seeing this land! Passwords are not secure, that’s for sure and FIDO have done an awesome job standardizing the Passkey

                2 months later

                Dear bunq,
                I would like ;) syncing and device-bound passkeys & configurable permissions.

                #1
                I would consider using a [syncing Passkey] to allow quick read-only access to my bunq accounts and switching of card to sub-account permissions.
                This would may be on top of bunq pin but in stead of video authentication.
                No payments possible in this mode.
                (Variation: only internal payments possible.)

                #2
                I would like a [device-bound Passkey] to allow access to almost everything, but with a transfer amount limit X. Going over that limit would require video authentication.
                This may be in stead of the bunq pin, but it must be in stead of video authentication (up to that set limit).

                #3
                Thirdly, I would also like a mandatory [device-bound Passkey] authentication when transferring large amounts above limit Y inside a session that was once authenticated by video.
                So this is on top of the bunq pin and on top of video authentication.
                (Fallback suggestion: another (more recent) video authentication.)

                These desires might shift over time as implementation changes.

                (For those who want to know: Syncing Passkey could be synced between iOS devices by iCloud or a Password manager. A device-bound Passkey cannot be synced (or cloned) and is anchored to a specific device. Theoretically, it could be tied to a specific iPhone in a specific state. Practically, today (2023-12-11) it would be a NFC Security Key with a Passkey on it.

                Syncing Passkey is currently accessed by biometrics or phone’s passcode.
                Device-bound passkey on iPhone is theoretically accessed by biometrics but not by phone’s passcode fallback. (Design work to do here.)
                Device-bound passkey on Security Key is currently accessed by PIN or biometric depending on key type. The NFC variant will require at least nfc-tap, pin, tap2.)

                If you want to share. Which flow (1,2,3) would you like? And why?

                My reasons are:
                1: quick & fast limited access.
                2: strong authenticated access as an limited alternative to being on camera.
                3: peace of mind.

                  Hey @Joeri-Silver-Lynx#286364 👋
                  Thanks for your innovative suggestions on syncing and device-bound passkeys. We've noted your ideas, and your feedback is crucial in shaping the future of bunq 🫶 If you have more thoughts, feel free to share them 🙌

                    4 months later

                    Soooo, what the current state about passkeys?

                      @lilaaffe42#291840 No news I guess

                        What about devices that do not support passkey. They will have to leave and go to another bank?

                          @Anna-Magenta-Badger#291868 With most websites, you're not forced to use Passkeys. People who want to use it can enable it, others can leave it disabled.

                            Write a Reply...