MyRapidi

Passwordless

PassKeys (using the WebAuthn and FIDO2 standards) provide a very secure way to authenticate yourself with MyRapidi, because a physical device like a YubiKey or fingerprint scanner is used during authentication.

This avoids practically all possibilities of account takeover and is more secure than using passwords in combination with 2FA.

The standard used for this, called WebAuthn or FIDO2, is relatively new, but it is supported by industry leaders like Google and Microsoft and built into recent browser versions of Google Chrome, Microsoft Edge, and Safari, among others.

All industry leaders already support the use of PassKeys for their different online services. For example, you find Security Key support in Google Gmail, Microsoft Azure Active Directory, and Salesforce.com, among others.

A PassKey or device can be set up in two different ways with MyRapidi: either as Passwordless (no password is needed) or as a Second Factor (like the Google 2FA, but more secure as it is a hardware key).

Passwordless authentication is much more secure than using passwords, as it combines a physical device (which holds a unique key and can securely authenticate with a service) with some personal knowledge like a PIN code or a personal feature like a fingerprint.

Passwords can be stolen or guessed (and used remotely), whereas it is much harder for someone to get hold of both the piece of hardware and the personal knowledge or feature (PIN code or fingerprint).

Even strong passwords used in combination with 2FA codes (like what we support with the Google Authenticator app on the phone) are less secure than password-less login (WebAuthn or FIDO2). Hackers could steal your mobile phone number remotely and get access to your email account and then reset your password and get into your account.

So how do you enable this password-less login?

You need the following items to use password-less login with MyRapidi:

  1. A browser that supports FIDO2. In general, the latest versions of Google Chrome, Safari, Firefox, or Microsoft Edge, see here for more details.
  2. A hardware key (like YubiKey) or biometric device like a built-in fingerprint reader in your laptop or mobile device.

Then to set up password-less authentication in MyRapidi:

  1. Go to Settings > PassKeys
  2. MyRapidi will check if your browser is supported (If it is not supported, you will get a message about this).
  3. Then enter a Name for your key (for example: "Michael's Yubikey")
  4. Check the box "Passwordless"
  5. Click the button "Add PassKey"
  6. Follow the steps provided in the popup browser window
  7. If the key is successfully added, you will see it in the list of active PassKeys

We recommend that you add at least two different devices so that you have a device that you normally use and a backup device.

 

If you do not check the box "Passwordless" the key will instead be used as a secure Second Factor device. In this case, you still have to enter your password, and you then have a more secure second-factor authentication that will be asked for after the password.
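WebAuthn reports whether the PIN or fingerprint step took place: every login response carries authenticator data with a User Verified flag. The added example below (not MyRapidi's code; the mode names, function names and sample bytes are assumptions constructed for illustration) shows how a server could require that flag for Passwordless keys while accepting a touch-only response for Second Factor keys. It assumes the response signature has already been verified.

```javascript
// Added example, not MyRapidi code. Mode names and sample bytes are constructed.
const FLAG_UP = 0x01; // User Present: the key was touched
const FLAG_UV = 0x04; // User Verified: PIN or biometric checked on the device

// Parse the fixed 37-byte header of WebAuthn authenticator data:
// rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian).
function parseAuthenticatorData(bytes) {
  if (!(bytes instanceof Uint8Array) || bytes.length < 37) {
    throw new Error("authenticator data shorter than 37 bytes");
  }
  const flags = bytes[32];
  return {
    rpIdHash: bytes.slice(0, 32),
    userPresent: (flags & FLAG_UP) !== 0,
    userVerified: (flags & FLAG_UV) !== 0,
    signCount: new DataView(bytes.buffer, bytes.byteOffset + 33, 4).getUint32(0),
  };
}

// mode: "passwordless" or "second-factor" (hypothetical names for the two setups).
// expectedRpIdHash: SHA-256 of the site's RP ID, computed by the caller.
// Returns { ok, reason } so a refused login can be logged with its cause.
function checkAssertion(bytes, expectedRpIdHash, mode, storedSignCount) {
  let data;
  try {
    data = parseAuthenticatorData(bytes);
  } catch (e) {
    return { ok: false, reason: e.message };
  }
  if (mode !== "passwordless" && mode !== "second-factor") {
    return { ok: false, reason: "unknown mode" };
  }
  if (expectedRpIdHash.length !== 32 ||
      !data.rpIdHash.every((b, i) => b === expectedRpIdHash[i])) {
    return { ok: false, reason: "rpIdHash mismatch" }; // response made for another site
  }
  if (!data.userPresent) return { ok: false, reason: "user presence required" };
  if (mode === "passwordless" && !data.userVerified) {
    return { ok: false, reason: "user verification required" }; // no PIN/fingerprint
  }
  // A counter that fails to increase can indicate a cloned authenticator.
  // Authenticators that do not implement a counter always report 0.
  if ((data.signCount !== 0 || storedSignCount !== 0) &&
      data.signCount <= storedSignCount) {
    return { ok: false, reason: "signature counter did not increase" };
  }
  return { ok: true, reason: "accepted", signCount: data.signCount };
}
```
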

 

Enforce the use of PassKey

If you are the account administrator for your company's MyRapidi account, you can enforce the use of a PassKey for one or more users in your MyRapidi account. You do that from the Manage Users page. We recommend that you enforce the use of the PassKey for all account administrators and also for users that have rights to edit the configuration (Transfers, Connections, etc.).