• We’re sharing a novel approach to enabling cross-device passkey authentication for devices with inaccessible displays (like XR devices).
• Our approach bypasses the use of QR codes and enables cross-device authentication without the need for an on-device display, while still complying with all trust and proximity requirements.
• This approach builds on work done by the FIDO Alliance and we hope it will open the door to bring secure, passwordless authentication to a whole new ecosystem of devices and platforms.
• Passkeys are a significant leap forward in authentication, offering a phishing-resistant, cryptographically secure alternative to traditional passwords.
• Generally, the standard cross-device passkey flow, where someone registers or authenticates on a desktop device by approving the action on their nearby mobile device, is done in a familiar way with QR codes scanned by their phone camera.
• But how can we facilitate this flow for XR devices with a head-mounted display or no screen at all, or for other devices with an inaccessible display like smart home hubs and industrial sensors?
Article Summaries:
- Meta has unveiled a new method for cross‑device passkey authentication that works on XR headsets and other screen‑less devices. The approach eliminates the need for QR codes by using a companion mobile app (e.g., Meta Horizon) to relay authentication requests to the headset via the same account. The flow leverages FIDO’s WebAuthn and CTAP hybrid protocols, enabling secure, phishing‑resistant, passwordless sign‑ins without on‑device displays. Meta’s implementation is already available on Quest headsets running Horizon OS, and the company hopes the technique will extend secure authentication to a broader range of IoT and industrial hardware.
Sources: