Introduction to Cross-Device Passkey Authentication
We are introducing a novel approach to enable cross-device passkey authentication for devices with inaccessible displays, such as XR devices. Our approach bypasses the use of QR codes and enables cross-device authentication without the need for an on-device display, while still complying with all trust and proximity requirements.
Understanding Passkeys and Their Importance
Passkeys are a significant leap forward in authentication, offering a phishing-resistant, cryptographically secure alternative to traditional passwords. However, the standard cross-device passkey flow relies on two primary mechanisms: QR code scanning and Bluetooth/NFC proximity.
The Challenge: No Screen, No QR Code
For devices with no display, the QR code method is impossible. Proximity-based discovery is feasible, but initiating the user verification step and confirming the intent without any on-device visual feedback can introduce security and usability risks.
Our Solution: Using a Companion App for Secure Message Transport
We made the flow easy to navigate by using in-app notifications to show users when a login request has been initiated, take them directly into the application, and immediately execute the login request. Here’s how this plays out on a Meta Quest with the Meta Horizon mobile app:
- The Hybrid Flow Message Is Generated: When a passkey login is initiated on the Meta Quest, the headset’s browser locally constructs the same payload that would have been embedded in a QR Code.
- The Message Is Sent to the Companion App: The headset requires a secure and deterministic method for transferring it to the user’s phone. The system leverages the Meta Horizon app’s authenticated push channel to deliver the FIDO URL directly to the mobile device.
- The Application Sends a Notification of the Login Request: After the FIDO URL is delivered to the mobile device, the platform’s push service surfaces it as a standard iOS or Android notification indicating that a login request is pending.
- The App Executes the Hybrid Command: Once the user approves the action on their mobile device, the secure channel is established as per WebAuthn standards.
Impact and Future Direction
This novel implementation successfully bypasses the need for an on-device display in the cross-device flow and still complies with the proximity and other trust challenges that exist today for cross-device passkey login. We hope that our solution paves the way for secure, passwordless authentication across a wider range of different platforms and ecosystems.
Frequently Asked Questions
- What is cross-device passkey authentication? Cross-device passkey authentication is a method of authentication that allows users to authenticate on one device using a passkey stored on another device.
- How does cross-device passkey authentication work on XR devices? Cross-device passkey authentication on XR devices works by using a companion app to transport the passkey request from the XR device to the user’s mobile device, where the passkey is stored.
- What are the benefits of cross-device passkey authentication? The benefits of cross-device passkey authentication include increased security, convenience, and ease of use.
- Is cross-device passkey authentication secure? Yes, cross-device passkey authentication is secure because it uses end-to-end encryption and comply with all trust and proximity requirements.
- Can cross-device passkey authentication be used on other devices besides XR devices? Yes, cross-device passkey authentication can be used on other devices besides XR devices, such as smart home hubs and industrial sensors.








