It brings us great pleasure to announce that SwissBorg is introducing passkeys as a more secure and efficient way to recover your account. This method enhances both security and convenience. We encourage users to adopt passkeys over traditional recovery methods like a recovery phrase or a manual recovery process. At SwissBorg, we are dedicated to providing you with the best protection and ease of use, and passkeys represent a significant step forward in achieving that goal.
What are Passkeys
Passkeys are a modern, more secure alternative to passwords that allow users to log into websites and apps. Instead of relying on passwords that can be guessed, stolen, or reused, passkeys use a strong and unique key pair that only works between your device and the service you’re logging into. This makes them resistant to phishing attacks, easier to use (no more remembering passwords), and safer, as sensitive information isn’t stored on servers or shared across the internet.
Passkey support was added in iOS 16 through iCloud Keychain (synchronised to all Apple devices) and Android 9 through the Google Password Manager (synchronised with all Android devices). Support for third-party providers, like 1Password, Bitwarden, and ProtonPass was added later (iOS 17 and Android 14) and those solutions are agnostic of the platform.
While we believe in the future of passkeys, it’s important to remember that it’s still a relatively new technology in terms of adoption. The standard was first developed for the web, making current mobile support imperfect and dependent on the platform and OS version. We will continue to follow the latest changes to provide our app users with the best experience possible.
Passkeys in SwissBorg
Traditionally, passkeys are introduced to replace passwords or to be used as a strong secondary factor. Those are great reasons but don’t directly apply to SwissBorg. Indeed, our application’s security is already based on asymmetric cryptography: the mobile phone holds a private key linked to your account, physically bound to the device. We don’t have a password to replace! And for the second typical use case, we already enforce a PIN or a passphrase to make sure it’s you who’s holding the phone.
Those factors together – something you have and something you know – make the now famous “Two Factors Authentication” (2FA).
There is however one place where we thought passkeys would shine: recovering an account on a new phone.
1. Passkeys vs. Recovery Phrase
- Because passkeys are standard and supported by all major vendors, you can rely on them to store your passkeys. You can even use a physical USB dongle to store your passkey if you prefer.
- Better user experience: you don’t need to manually enter words, your passkey will be discovered for you and directly used with only a few clicks.
- Phishing Resistance: recovery phrases can be vulnerable to phishing attacks if someone tricks you into revealing them. Passkeys are phishing-resistant because they are designed to never be revealed, not even to you. A registered passkey is linked to SwissBorg only, a malicious website or app can’t use it or try to extract it by tricking you.
- Following the above points, we will phase out Recovery Phrases and eventually completely replace them with passkeys.
2. Faster Recovery Than Manual Support
- Manual recovery is a slow process because we need to make sure of who you are only from identity documents. With passkeys, you can install the SwissBorg app on a new device in a matter of minutes.
What should I do now?
We encourage you to try it out and register a passkey, in case you need to recover your SwisBorg account in the future. That way, you will also be ready for future use cases that leverage passkeys. When you have your passkey safely registered, you can revoke your existing recovery phrase.
The current way to log into the SwissBorg app won’t change. Installing the app on a new device is the passkey's first use case.
Conclusion
By introducing passkeys for account recovery, we are significantly improving both the user experience and the efficiency of our operations. Users benefit from a faster, more secure, and hassle-free recovery process, eliminating the need for managing complex recovery phrases or waiting for manual support. At the same time, this shift reduces the load on SwissBorg’s support teams, allowing them to focus on more critical tasks, as users can now quickly recover their accounts on their own.
Looking ahead, passkeys will not only simplify recovery but also open up new possibilities for enhancing our platform’s security and convenience. One of the most exciting future use-cases is a passkey-based web login, where users will be able to log into SwissBorg through a seamless and secure authentication process on any device—no passwords required. We’re happy to have taken this step forward in making investing in crypto easier and safer for our community of app users.
