Passkeys, a faster more secure way to log in to the Stripe Dashboard
For as long as the internet has been around, there’s been an inherent tension between speed and security: the easier it is to log in to an account, the more vulnerable it is to bad actors. Now Stripe is launching a new way of logging in that makes it possible to have both: one-click login using passkeys. Passkeys are regarded as the next generation of online authentication by security experts, and they’re increasingly being adopted by leading tech companies. With this launch, you can now access the Stripe Dashboard faster and more securely, using passkeys in coordination with familiar methods such as Touch ID, Face ID, and physical security keys—all without needing to provide a password.
Passkeys allow users to establish a secure connection with Stripe through a one-time device registration, eliminating the need to provide a password for every login. The credentials for this connection are safeguarded by authentication methods that live on the device itself, such as fingerprint or facial recognition or a physical key. Accounts remain secure, even when devices are lost or stolen.
Creating a passkey is easy: log in to the Stripe Dashboard, go to profile settings, and click “Add a passkey.” Your browser will take you through a challenge where you verify your identity with any of the methods mentioned above. Once you finish setup, a new passkey is saved to your device, which preserves secure connection with Stripe. You can now access the Stripe Dashboard on this device in a single click.
Under the hood, passkeys use public-key cryptography. When you create a passkey, you’re really creating two unique sets of digital data: one is your public key that lives with Stripe, and the other is your private key, which lives on your device. When a login attempt begins, a Stripe server sends a challenge to your device. You verify your identity with a prompt such as Touch ID, unlocking your locally stored private key. Your device uses this private key to sign the challenge, and then it returns the signed challenge to Stripe. Stripe verifies that you signed the challenge correctly and, if so, completes your login.
Passkeys allow you to access the Dashboard faster than you could before by bypassing the overhead of a password or slower multifactor authentication methods. They’re also more secure than passwords, because your private key is never transmitted over the internet and you never interact with it or expose it directly.
Introducing passkeys is just one of many improvements Stripe has released over the last year to enhance user security, such as mandating 2FA for users and increasing the adoption of phishing-resistant authentication methods. Stripe is dedicated to helping our customers stay focused on their business, and we hope the introduction of faster, safer authentication with passkeys will make that even easier.