To enhance digital security and provide the Berkeley Lab community with easy-to-use solutions, the IT Division is implementing Lab-wide passkey adoption. Passkeys offer a simpler yet more secure, phishing-resistant alternative to traditional multi-factor authentication. By reducing the risk of credential theft and eliminating the need for passwords, passkeys help safeguard sensitive Lab data.
Unlike MFA tokens, passkeys eliminate one-time codes, making logins seamless and safer. Passkeys use advanced authentication methods like Face ID, Touch ID, and QR codes, which cannot be guessed or stolen and are much easier to use than memorizing different passwords. Adopting passkeys helps protect sensitive Lab data by reducing the risk of credential theft.
Why Are We Moving to Passkeys?
Traditional passwords and even one-time MFA codes are vulnerable to cyberattacks. Attackers often steal login credentials through phishing scams or data breaches and reuse them across multiple sites.
When a passkey is created for a site or service, the following unique cryptographic key pair is generated:
- Public Key: Stored on the service provider’s server, the public key is not sensitive on its own and cannot be used to access your account.
- Private Key: Stored securely in supported password manager apps (like 1Password, Google Password Manager), devices (such as iOS, Android, YubiKey), or operating systems (such as, macOS, Windows Hello). Most of these platforms support syncing your keys across all your devices.
Passkeys eliminate this risk by ensuring that the private key never leaves the user’s secure device. This means that even if a service provider is hacked, attackers cannot gain access to a user’s account. Plus, passkeys sync across devices, reducing the need to remember complex passwords or rely on third-party authentication apps.
This transition aligns with broader industry trends aimed at eliminating passwords and enhancing security. In the coming months, support for passkeys will be expanded across lab services, ensuring a seamless and secure login experience.
Join the early adopters
If you would like to be part of the pilot early adopter group, fill out this form and we’ll get back to you with next steps.
Stay tuned for further announcements on when passkeys will be available for your Berkeley Lab accounts and how to set them up.
in the bottom right or navigate to