At OffSec, security and user experience go hand in hand. As part of our commitment to delivering cutting-edge protection, we're excited to introduce passkey-based multi-factor authentication (MFA) — a modern, secure, and seamless alternative to traditional methods like authenticator apps or SMS codes.
Passkeys are a new and easier way to sign in without using passwords.
Instead of typing a password, you just: Use your fingerprint, face, screen lock or security key to log in, depending on your password management.
- What are the benefits of Passkeys?
- Who can set up the passkeys?
- How to set-up passkeys?
- Can I add multiple passkeys?
- I have multiple passkeys set up, how can I login to the platform?
- Which browser can I use to successfully save Passkeys?
- Where can I see the list of my passkeys?
- Can I remove my passkeys?
- What happens if I lose access to the Passkeys?
- Am I still able to access my account using passkey if I update my account email address in the Platform?
- What should I expect after I successfully set up my Passkey?
✅ What are the benefits of Passkeys?
- Phishing-resistant: Private keys are never typed or shared.
- No reuse: Every passkey is unique to each service.
- No password leaks: They can't be stolen in data breaches.
- Convenient: Use your fingerprint, face, or device PIN to sign in.
Who can set up the passkeys?
All learners with an account on the OffSec Learning Platform can set up a Passkey for a faster and more secure login experience.
⚠️NOTE: Passkeys and Enterprise SSO are currently not compatible. Therefore, if you're accepting an invitation from an Admin, particularly for accounts with SSO enabled—you must remove any existing passkeys before accepting the invite. To remove passkeys, please see here.
If Enterprise SSO is enabled, you will see the Passkey feature grayed out.
How to set-up passkeys?
Step 1: Log-in to your account
Step 2: Click on your username at the top right corner
Step 3: Go to “Security” and at the bottom, you will see “Passkeys”
Step 4: Click “Setup Passkey” and enter your password when prompted.
Step 5: A confirmation message will show once your passkey is set up.
Can I add multiple passkeys?
Absolutely! You can add multiple passkeys to your account. Just click on the “Manage Passkey” and “Add Passkey” button. Make sure to type in your password correctly and you’re done!
I have multiple passkeys set up, how can I login to the platform?
Once you are in the sign-in page, our system will check if you have set up a passkey. If you have integrated multiple passkeys, you have the option to choose which one to use.
Which browser can I use to successfully save Passkeys?
Passkeys are supported on both Chromium-based browsers such as Chrome, Edge, Brave, and Opera, as well as non-Chromium browsers like Safari and Firefox.
However, please note that Safari and Firefox currently do not support saving the security key, which may affect your ability to reuse the passkey for future logins.
Where can I see the list of my passkeys?
You are able to view the list of your passkeys by clicking on the “Manage Passkeys”
Can I remove my passkeys?
Yes, you can remove your passkey.
Step 1: Click on the “Manage Passkey”
Step 2: Click “Remove” and input your Password and you’re good to go!
⚠️ NOTE: When removing a passkey from your Platform account, be sure to also delete it from your password manager (e.g., 1Password or whichever tool you used). Otherwise, the saved passkey may continue to appear and prompt during login attempts, even though it’s no longer valid.
What happens if I lose access to the Passkeys?
If you lose access to the Passkey linked to your account, please contact our support team for assistance by using the primary email listed in your account. Before we can proceed, we’ll need to verify your identity. Kindly include the following details in your request:
- OSID
- Primary email address
- Username
- Government issues scanned ID
This verification process is necessary to ensure that the request is coming from the legitimate account owner and to safeguard against potential data breaches.
Am I still able to access my account using passkey if I update my account email address in the Platform?
Absolutely! Updating the email address associated with your platform account will not affect your Passkey access. Passkeys are tied to your device and authentication method, not your platform email. You will still be able to access your account using your existing Passkey without any issues.
What should I expect after I successfully set up my Passkey?
After setting up your passkey, kindly note that our system will automatically disable your ability to login using your username and password.
For users who have enabled passkeys, we take an additional step to protect your account by blocking password-only login attempts.
This means that once you set up a passkey, your account will only be accessible through that authentication method ensuring your login remains secure and aligned with the latest security best practices.
Should you lose access to your passkey and are unable to login via the username and password, kindly contact our support team.