As of the MySQL 8.0.27 release, users can utilize Passkeys as an authentication method, enhancing security and reducing complexity. Consequently, Passkeys can help support businesses in managing access to sensitive information.
Passkeys, also known as passwordless or multi-factor authentication (MFA), are generated and stored client-side. Unlike traditional passwords, users do not need to remember or type them. Furthermore, in the context of MySQL, a Passkey is established using a sequence of steps in the user environment, negating the need for physically secure tokens.
Why Choose Passkeys
There are various advantages associated with utilizing Passkeys over traditional passwords:
- No requirement to memorize and type lengthy passwords.
- Authentication is a transparent, uncomplicated process for users.
- Removes exposure to phishing episodes involving passwords.
- Adherence to uncomplicated password rotations.
- Mitigating the influence of stolen passwords and server-side attacks.
Establishing Passkeys with MySQL
Setting up Passkeys on MySQL requires both server-side and client-side configuration. The MySQL server needs to support a connection encryption method such as TLS and be set to ‘caching_sha2_password’, which automatically supports the Passkeys.
Moreover, the server requires the RSA encryption algorithm and proper private key, thus resulting in integration with an existing Relying Party (RP) service. RP handles all cryptographic operations concerning the Passkeys on behalf of the user and manages user associations.
mysql> CREATE USER 'user1'@'%' IDENTIFIED WITH caching_sha2_password BY 'RSA' REQUIRE X509 REQUIRE CONNECTION_SSL;
Implementing an Existing RP Service
It is recommended that you consult official W3C documentation for general information about Passkeys and integrating with an Relying Party service. Be that as it may, you can utilize a WebAssembly module in your preferred programming language or opt for a server-based alternative.
Following is an example in Node.js to set up and assert the Passkey key:
const createAuthenticator = require('authenticator/create');
const authenticator = new Authenticator({
origin: 'https://your-website.com',
});
app.post('/callbackAuth', verifyPublicCredential, authCallback);
function authCallback(req, res) {
const { body } = req;
const passkey = authenticator.finishRegistration(body);
res.status(200).send({ passkey: JSON.stringify(passkey) });
}
Setup and Use
Setting up Passkeys with MySQL takes place on two primary levels: Server and Client. This article has demonstrated server-side setup.
On the client-side, it is usually set up within a website’s login and will involve the creation of Passkey keys, and an existing RP service is associated with the given user. Please consult the service’s documentation to find the procedures for generating Passkey keys.
As always, at PersonIT (www.person-it.com), they are here to provide assistance to all users in enabling and implementing Passkeys in different databases.
Going Forward
Currently, MySQL supports this option as of version 8.0.27, therefore it is recommended to set the release level during the setup properly. If you cannot switch your current MySQL to 8.0.27 level, let the PersonIT team do it for you.
In future updates, the information about how the new functions such as the Passkey authentication are working with databases with lower versions will become clear, and when you do look for further action on legacy systems, www.person-it.com customers are ahead of the rest, with this innovative MySQL technology.
Thanks for reading. Check this website again in few days for more from Database stories, the PersonIT database company brings to the whole IT world, especially with regard to web application.