Skip to main content

Managing passkeys

You can view passkeys from the web and desktop clients via item information in the Passkey field. You can manage passkeys using the Bravura Safe browser extension.

A future release will support passkeys for Bravura Safe mobile applications.

safe_be_passkeys_login_w_passkey2

Note

Passkeys cannot be edited. There are other options when you Revoke a passkey.

Share a passkey via team/collection

Though a passkey can only be added using the Bravura Safe browser extension, it can be moved (via its associated login item) to a team and collection using any Bravura Safe client (web, desktop, mobile and browser extension). This allows the login item and its passkey to be used by any members granted access to the collection, based on their level of permission .

See also

Overwrite an existing passkey

If you need to update or replace the passkey for a particular login item:

  • If you have an existing login item(s) matching the web or online service's domain:

    1. Bravura Safe presents the matching login item(s), prompting you to select a login item and save the passkey:

      safe_be_create_passkey_3_interact

    2. To save the passkey to an existing login item, click to select the desired login item and then click Save passkey.

      The passkey is saved to the selected login item.

Clicking Save passkey replaces the existing passkey with the new passkey, effectively overwriting it.

Note

The Passkey field (on the View item page) cannot be modified. If you require a second passkey for the same website or online service, create a new login item and associated the new passkey to it.

Cloning login items with associated passkey

When a login item is cloned using Bravura Safe, its associated passkey is not copied along with it. The following warning appears:

safe_passkeys_clone_warning

Note

Each unique login item can have only one passkey associated with it. If you require more than one passkey for the same website or online service, create a new login item and save the additional passkey to it.

See Clone items.

Revoke a passkey

A passkey associated with a login item cannot be revoked on its own from Bravura Safe. It must be disabled or removed using one of the following methods.

From the website or online service:

Warning

Before removing a passkey, ensure that you have alternative means of accessing the associated web/service account.

  • From your browser, navigate to the website or online service, log in to your account, access security or privacy settings, locate passkey management options and revoke the account passkey and/or disable passkey authentication.

    Note

    In this case, the passkey in Bravura Safe (and its private key) would remain associated with its login item (and domain), but would no longer have the public key portion of the credential key pair required for the authentication ceremony. If passkey authentication is re-enabled later for the site/service, the passkey stored in Bravura Safe can be overwritten or a new login item can be created with the new passkey. See below.

  • If an account using a passkey is deleted from a website or online service (along with its associated public key), the private key stored in the authenticator is not affected due to asymmetric cryptography and the separation of concerns in the public key infrastructure (PKI).

From Bravura Safe, where applicable, do one of the following:

  • Clone the login item containing the passkey (this creates a duplicate login item without a passkey), then delete the original login item containing the passkey.

  • Overwrite the passkey associated with the login item with a new passkey.

  • Delete the login item from Bravura Safe altogether (this deletes the reference to the public key, revoking the passkey).

Disable passkey prompt

You may need to disable passkey prompts for all or some accounts.

To disable prompts for a specific website only, see Use your device or hardware key.

To disable all prompts to save passkeys:

  1. Open a Bravura Safe browser extension.

  2. Click Settings.

  3. Scroll down to the OTHER section and select Options.

  4. Under GENERAL, locate and deselect the Ask to save and use passkeys option.

    safe_be_passkeys_ask_to_save

Use your device or hardware key for a specific site or service

There may be some websites or online services for which you are required to use a specific device or hardware key to authenticate. When prompted by Bravura Safe to save or use a login item passkey, you can opt to use your device or hardware key instead.

safe_be_passkeys_use_your_device

To do this:

  1. Click Use your device or hardware key.

  2. From the context menu:

    • Select Just once to close Bravura Safe and use an authenticator device or hardware key 'just this one time'. Bravura Safe will continue to prompt you at future sessions with this domain to create a login item and save a passkey.

    • Select Always for this site to add the current website or online service's domain to your Excluded domains list. Bravura Safe will no longer prompt you to create a login item and passkey for this domain.

In this section: