Skip to main content

Login via Mobile Device (Cross-Device Authentication)

This approach uses the operating system’s built-in hybrid transport functionality (part of the CTAP 2 specification) for secure cross-device authentication. Passkey Intelligence automatically determines when to offer QR code login. It only displays the QR code option when it detects that the user has a passkey on their mobile device, ensuring a high probability of successful authentication.
Security Requirements: Both devices must have internet connectivity and Bluetooth enabled for cross-device authentication to work. This dual-channel approach (QR code for initial pairing + Bluetooth proximity verification) is a critical phishing protection mechanism built into passkeys, ensuring the authenticating mobile device is physically near the desktop device being logged into.
  • macOS
  • Windows
hybrid-via-qr-macos.png

macOS hybrid login via QR code

1

User enters identifier

  • User enters their identifier (email/username) on the login page in textfield.
  • System now knows which user account is attempting to log in.
2

Passkey Intelligence determines cross-device authentication is available

  • The system uses Passkey Intelligence to analyze the user’s passkey availability.
  • It automatically detects that this user has a passkey stored on their mobile device.
  • Based on this intelligence, the system prepares to offer cross-device authentication via QR code.
3

OS displays QR code screen

  • The operating system displays a screen preparing the user for cross-device authentication.
  • The operating system generates a QR code for secure pairing.
  • Instructions prompt the user to scan the code with their mobile device.
  • Requirements: Both devices must have internet and Bluetooth enabled.
4

User scans QR and authenticates

  • User scans the QR code using their mobile device where the passkey is stored.
  • Bluetooth proximity check: The OS verifies both devices are physically close (phishing protection).
  • The mobile device performs biometric or PIN authentication.
5

Login completes on current device

  • Authentication response is securely sent back via the internet connection to complete login on the desktop device.
  • User is granted access on the current device.
I