[SUGGESTION] Passkey-Support

NetRunner20

Hi,

mit iOS 17 und Android 14 werden Passkeys anstelle von Passwörtern immer verbreiteter - vielleicht könnte man diese als zusätzliche Sicherheit für den Login im Web oder auf einem neuen Handy einführen.

Man könnten den Login so umbauen, dass es anstellen des 6 stelligen Codes für den erstmaligen Login ein Passkey und/oder die Selfi- Verifikation erforderlich ist.

Der 6 stellige Code, der vielleicht auf einen 8 stelligen Code als Option anwachsen könnte, dient dann zur Bestätigung von erneuten Logins auf dem bekannten Gerät und zur Freigabe von Transaktionen.

Wäre vielleicht eine zusätzliche Sicherheitsstufe.

Was haltet ihr von Passkeys?

sotirios-Black-Moose

Hey there, Jens 👋
That's an excellent suggestion! We should assess the level of interest from other bunq users to determine if they share the same appreciation! 😊

thijsoost

Jens Passkey support would be great! Windows and iOS already support it, if Android also supports it with Android 14 I see no reason for bunq to not support it!

Eru

Sehe ich auch so. Das wäre großartig.

New-Aquamarine-Tiger-121454535

Would be really cool if this can be supported! Thanks for suggesting this @Jens !

dminca

Definitely looking forward to seeing this land! Passwords are not secure, that’s for sure and FIDO have done an awesome job standardizing the Passkey

Joeri-Silver-Lynx

Dear bunq,
I would like ;) syncing and device-bound passkeys & configurable permissions.

#1
I would consider using a [syncing Passkey] to allow quick read-only access to my bunq accounts and switching of card to sub-account permissions.
This would may be on top of bunq pin but in stead of video authentication.
No payments possible in this mode.
(Variation: only internal payments possible.)

#2
I would like a [device-bound Passkey] to allow access to almost everything, but with a transfer amount limit X. Going over that limit would require video authentication.
This may be in stead of the bunq pin, but it must be in stead of video authentication (up to that set limit).

#3
Thirdly, I would also like a mandatory [device-bound Passkey] authentication when transferring large amounts above limit Y inside a session that was once authenticated by video.
So this is on top of the bunq pin and on top of video authentication.
(Fallback suggestion: another (more recent) video authentication.)

These desires might shift over time as implementation changes.

(For those who want to know: Syncing Passkey could be synced between iOS devices by iCloud or a Password manager. A device-bound Passkey cannot be synced (or cloned) and is anchored to a specific device. Theoretically, it could be tied to a specific iPhone in a specific state. Practically, today (2023-12-11) it would be a NFC Security Key with a Passkey on it.

Syncing Passkey is currently accessed by biometrics or phone’s passcode.
Device-bound passkey on iPhone is theoretically accessed by biometrics but not by phone’s passcode fallback. (Design work to do here.)
Device-bound passkey on Security Key is currently accessed by PIN or biometric depending on key type. The NFC variant will require at least nfc-tap, pin, tap2.)

If you want to share. Which flow (1,2,3) would you like? And why?

My reasons are:
1: quick & fast limited access.
2: strong authenticated access as an limited alternative to being on camera.
3: peace of mind.

sotirios-Black-Moose

Hey Joeri 👋
Thanks for your innovative suggestions on syncing and device-bound passkeys. We've noted your ideas, and your feedback is crucial in shaping the future of bunq 🫶 If you have more thoughts, feel free to share them 🙌

lilaaffe42

Soooo, what the current state about passkeys?

thijsoost

Marcin No news I guess

Anna-Magenta-Badger

What about devices that do not support passkey. They will have to leave and go to another bank?

thijsoost

A.G.I. With most websites, you're not forced to use Passkeys. People who want to use it can enable it, others can leave it disabled.