PassKEYS: Secure and convenient

We help you bring passkeys to your customers.

You love unlocking your smartphone with Face ID? With passkeys in iOS 16, Apple brings this experience to web and apps. We help you transition all your customers to a passwordless future by taking care of all cross-platform and cross-device aspects for you.

check mark

Made in Germany

check mark

API integration in <1h

check mark

GDPR compliant

Trusted by more than 100 companies worldwide.

The problem

Nobody likes passwords.

Passwords aren't user-friendly & create friction.

1 of 3

online purchases are abandoned at checkout, because customers cannot remember their password.

78%

of users forgot a password and had to reset it in the last 90 days.

75%

of users are frustrated to keep track of their passwords.

Passwords are insecure.

66%

of users reuse the same password on different websites.

49%

of users use the same password with little variations, when they are required to change passwords.

81%

of internet breaches involve weak or stolen passwords.

The Solution: Passkeys HAVe Arrived

Stand on the shoulders of giants.

May 2021
Google
announces passwordless future
June 2021
Apple
moves beyond passwords
September 2021
Microsoft
makes accounts fully passwordless
2022
You?
Google, Apple & Microsoft expand with passkeys. When do you follow?

The three digital, customer-centric leaders - Google, Apple, Microsoft - have set the new standard with passkeys. We help you prepare and adopt this  path. iOS, Android and Windows as well as Safari and Chrome will support passkeys in the next six months. Prepare now.

Why Corbado?

Stand out as a customer- & privacy-driven company.

Authenticate users securely without passwords on any platform. Prepare yourself for the migration away from passwords.

Improve CX

Win customer trust by authenticating them securely and providing them a great experience.

Increase profitability

Improve conversion rates, save internal engineering resources and reduce the risk for data breach fines and outages.

Enhance IT security

Protect customer accounts, eliminate passwords as point of failure and outsource risk of in-house solutions.

OUR features

Choose your favorite authentication method.

Improve conversion while boosting security

Passkeys (Biometrics)

Enable any mobile or desktop web experience to offer the simplicity and security of biometric authentication with passkeys (Face ID or fingerprints).

Improve conversion and retention rates

Email Magic Links

Passwords increase user drop-offs and introduce security risks. Email magic links remove the need for password-based authentication and can help in the migration to passkeys.

Enable a premium login experience

SMS OTP

Phone number login with SMS one-time passcodes (OTP) improves conversion and security on any device. It's particularly well-suited for the mobile experience.

Testimonials

Don't just take our word for it.

Quote mark left

"Corbado was easy to implement and since doing so, we've seen our conversion rate skyrocket to over 90%"

CTO, @Fontana
Quote mark right
Quote mark left

"Corbado was easy to implement and since doing so, we've seen our conversion rate skyrocket to over 90%"

CTO, @Fontana
Quote mark right
Quote mark left

"Corbado was easy to implement and since doing so, we've seen our conversion rate skyrocket to over 90%"

CTO, @Fontana
Quote mark right
Our offer

Security and privacy built-in.

We protect you and your customer's privacy. Only an email / phone number is stored. Biometric information never leaves the device.

Made in Germany

Corbado was founded in Germany and is based in Munich. We host our solutions solely in German data centers – no Amazon or Google Cloud.

Support and availability

We guarantee an uptime of 99.9% and provide support in English and German in every plan.

Highest data protection

We store your data redundantly on ISO 27001 certified servers to guarantee you DSGVO compliance. No unnecessary data collection.

100% encrypted

Your data is safe with us. All data being in transit and on our servers are encrypted and backups are performed regularly.

F.A.Q.

Any questions?

My customers use a password manager (e.g. Apple Keychain, LastPass) with unlocking via biometrics. Why do I need Corbado at all?
chevron down
  • From a user perspective it might seem similar, but from a technology viewpoint it is very different. First of all, these password managers still set a password in the background, which is stored on the server as well. If the server is not protected well, it still can be hacked and someone can take over a customer account via credential stuffing. Moreover, customer accounts can still be  be phished.

  • Our solution provides platform providers with the tools to eliminate passwords entirely from systems and prevent all these threats.

My customers are mainly using devices without biometric functionality. Can they still login without passwords?
chevron down

Yes. In this case, there are three options:

  • Crossover to mobile device: If your customers are using a desktop / laptop, a notification can be sent to their mobile device via Bluetooth or they can scan a QR code with their mobile device. This allows to use the biometric scanner of their mobile device.

  • Operating-system-internal authentication: End customers can use the authentication solution built into their operating system, e.g. a PIN code with Windows Hello or iOS.

  • Email magic links: In case nothing of the aforementioned options is possible, an email magic link can be sent to end customers.

How does passkey (biometric) login work?
chevron down
  • Passkey (biometric) login is based on FIDO2 / WebAuthn which is built on public key cryptography. The public key is stored on Corbado’s server while the private key is bound to the user’s device. It is protected inside the device’s hardware (e.g. in trusted platform module or secure enclave) and never leaves the device.

  • During the authentication process, a challenge is sent from the server to the device. The device’s private key store is opened via biometrics, which also never leaves the device.

  • The challenge is signed with the private key and sent back to the server. The server checks the compatibility of the signed challenge with the public key and authenticates the user.

What happens to my biometric data? Is it stored on any server?
chevron down

No. Your biometric data never leaves your device and is not stored on any server. It is only used to get access to your private keys. For cross-platform passkey usage the key never leaves your Apple or Google-Account.

What happens to the private key if I lose my device?
chevron down
  • A lost device does not mean that someone can access the account, because the biometric proof (e.g. fingerprint or face scan) would still be required.

  • If you lose your device and cannot access your private key anymore, there are several options:

    • You can link further devices to your account, which you can use as a fallback.

    • If no other devices are linked, you can request an email magic link to access your account.

    • Moreover, Apple, Google and Microsoft push passkeys that allow passwordless login from any device in their respective ecosystem even if you have lost one device.

Try Corbado now!

Add passwordless login within less than 1 hour.

Contact expert

No credit card required