Passkeys for your EE ID

JordanTA
EE Knowledge Specialist

This month we’re helping you get super secure with the launch of passkey. Set up passkey from the EE app (or the Profile section on ee.co.uk) and you’ll be able to use it to log in, instead of remembering those complex passwords. Use your fingerprint, PIN or face recognition and you’re in! Just make sure you’re on the latest version of the EE app.

They're secure and much less vulnerable to cyber-attacks, scams, and data breaches than passwords. They can be easier to use because you won't need to remember a password.

EE won't store your fingerprint, PIN or face data. It's always kept safely on your device.

Check out our help page for information

 

15 Comments
XRaySpeX
EE Community Star
EE Community Star

Shouldn't the title be "Passkeys for your EE ID on the app"? You wouldn't be able to do this online from a PC thro' a browser.

JordanTA
EE Knowledge Specialist

No @XRaySpeX , you can do it on a browser through Profile > Login information > Security - manage.

JordanTA_0-1739179959213.png

Cheers

XRaySpeX
EE Community Star
EE Community Star

I was referring to trying to do a fingerprint or maybe face recognition on a PC. That just leaves a PIN.

JordanTA
EE Knowledge Specialist

@XRaySpeX you can get laptops/pcs with biometrics, apparently it works as expected (it was the first thing I questioned when putting the article together). 

XRaySpeX
EE Community Star
EE Community Star

Yes, but not many have them.

michael23578925
Established Contributor
Established Contributor

I'm thrilled to see EE implement passkeys. Unfortunately the implementation is incorrect, at least on android. The passkey can only be stored on the device in an unknown location, I suspect play services. It can't be stored in any password manager, not even Google password manager. This is not great. So I can't use 1Password and I can't use my yubikey to store the passkey. I've not had the chance to test other platforms yet

Also you can't make the passkeys on the EE website, which is critical to passkey management 

Are there any plans to improve this?

For a textbook implementation of passkeys, see GitHub. Their implementation is how it should be done

Shadow_Tail
Established Contributor
Established Contributor

I used it then removed it. I can't create a passkey on a my web browser, so created it on mobile app only to end up using Google Play services and can't use my own Password Manager app. This is almost as bad as EE needing a phone number for two factor authentication, if you don't you're forced to or you can't login and not giving you another option to use your own Authentication app. 

Hopefully EE catches up to allow users to have more options.

chistery
EE Community Star
EE Community Star

Working fine here with my Password manager on Android (Bitwarden).

michael23578925
Established Contributor
Established Contributor

Oh wow, PayPal have just sent out the following email.  They have finally understood how Passkeys are meant to work and are following suit.  Please EE can you take a leaf out of their book!  Also see github for ideal implementation!  Let's get rid of insecure SMS  forever, and passwords too!  

Also please make your service 1password compatible both on Windows and Android!

 

---

 

Enhanced Security with PayPal Passkey update

To enhance security, we're enabling your PayPal passkey as a two-factor authentication (2FA) method.

To strengthen your account security, the passkey you use to access your PayPal account will soon be used for two-factor authentication (2FA). This will make signing in faster by reducing authentication steps. Your current passkey remains valid, and no action is required from you. Previously your passkey was used as one of the two authentication methods with PayPal. Soon, it will verify your login in a single step, making it even easier and faster to pay with PayPal.

2FA is designed to make sure you’re the only one who can access your account. It works by asking for additional info, such as a one-time code, on top of your password. Passkeys support this by saving a unique code on your device that proves it's really you, and combining it with a second action like using your face or fingerprint to log-in.

There is no action for you to take. Your current passkey will remain valid and will be used as part of the 2FA process. You can remove your passkey anytime in your PayPal account settings. If you have any questions, please review our FAQ page here  or contact our customer support team . More information about 2FA and regulatory requirements can be found here .

TheSonyFony
New Member

I can confirm the implementation of past keys is broken on Android devices I was however able to use a third party password manager plug-in on the Firefox web browser on my desktop to create a passkey then found I could not use it, also as Passkeys have two parts there is no reason to delete a passkey unless it was used to gain unauthorised access, which is much less likely than a password compromise, one final note SMS verification is the lowest of two step verification methods most systems have now moved to authenticators or push notifications using an app

TheSonyFony
New Member

Sorry for the auto correction 😅 I ment Passkeys not "past keys"

Rky
Prodigious Contributor
Prodigious Contributor

I activated this today; email came to confirm this too but when I’m trying login it doesn’t work as passkey, it asks for username then password then on next page it asks for OTP which comes as sms to my number, I enter and then login; but this is not passkey; looks like your developer has not configured it properly, with passkey, I can login with faceID, PIN etc and I don’t have to rely on entering password 

 

A passkey is a digital credential, a secure alternative to passwords, that allows users to authenticate to websites and apps using their device's built-in security features like biometrics (fingerprint, face scan) or a PIN, without needing to enter a password. 
chistery
EE Community Star
EE Community Star

@Rky On what type of device? Seems to work ok on my PC, Android and iPhone

TheSonyFony
New Member

Good point @chistery 

Tested on

Samsung Galaxy S21 Ultra, One UI 6.1, Android 14

Chrome and Firefox (Firefox - Bitwarden extension)

Ubuntu 22.04 Firefox with Bitwarden extension

Passkey did not save properly using the Google Android password manager so tested it with the Bitward Android app, and it seems to have worked. 

So a solution could be to use Bitwarden apps and browser extensions for now, hope this helps.

Rky
Prodigious Contributor
Prodigious Contributor

I can confirm now that this is working fine