Passkey is the Future, and the Future is Now with Red Hat Enterprise Linux (2024)

Red Hat Enterprise Linux 9.4 introduces the ability for centrally managed users to authenticate through passwordless authentication with a passkey, meaning it's an enterprise Linux distribution with Fast Identity Online 2 (FIDO2) authentication for centrally managed users! This is all built on the Identity Management solution already in Red Hat Enterprise Linux, but enhances product security by enabling passwordless, Multi-Factor Authentication (MFA), and Single Sign-On (SSO).

What is Passkey?

A passkey is aFIDO2 compatible device that can be used for user authentication. FIDO2 is an open authentication standard based onpublic-key cryptography. It is more secure than passwords and one-time passwords, and simpler to use. It is usually provided as a hardware security token like a small Universal Serial Bus (USB) and Near Field Communication (NFC) based device. There are several brands of FIDO2 compliant keys, including NitroKey and SoloKey v2, and we'vecollaborated with Yubico to create a more seamless integration between RHEL and Yubikey.

The use of new tools to authenticate users, such as FIDO2 and External Identity Providers, is becoming increasingly popular because it improves the security authentication process.

Passwordless authentication is a paradigm shift in authentication. It aims to eliminate the need for traditional passwords, and in this article I outline its benefits compared to traditional password-based authentication.

Password-based authentication

Password authentication poses security risks, including brute force attacks, password reuse, phishing attacks, and more. From a user experience perspective, passwords are cumbersome to remember and prone to user error. Users often use the same password for multiple accounts, or else they rotate between a few different ones, and rarely invent entirely new passwords. Companies attempt to mitigate this by enforcing password policies, rotation, and management. It's up to users to not share accounts and passwords, intentionally or otherwise.

Password managers can help, but many users either aren’t aware of them or find them too complicated to use. This often leads to passwords on sticky-notes or changing passwords by just adjusting a few characters.

It's not uncommon to look at the news and see a major data breach reported by a major company, revealing that malicious actors got access to millions of passwords. As a countermeasure, the company forces its users to reset credentials. That, of course, only displaces the problem and solves nothing!

User authentication terminology

In modern authentication methods, there are some important terms you must understand:

  • Two-factor authentication (2FA): Two distinct forms of identification are needed to authenticate. One of them is usually a password, and the other a code or a biometric reading, such as a fingerprint. The classic adage is, "Something you know, and something you have"
  • Multi-Factor Authentication (MFA): Two or more distinct forms of identification are needed to authenticate. This is similar to 2FA, but in this case it requests two or more factors
  • One-time password (OTP): A password that's valid for only one authentication process. They are often used as a second authentication factor in 2FA/MFA. Two shortcomings are that they can feasibly be intercepted, and they're susceptible to phishing attacks
  • Single Sign-On (SSO): An authentication scheme allowing a user to log in with a single ID to several services and applications
  • Passwordless: An authentication method that allows access to a system without entering a password or answering security questions. Instead, the user provides some other form of evidence, such as a fingerprint, proximity badge, or hardware token code. It's often used alongside MFA and SSO to improve the user experience, strengthen security, and reduce IT operations expense and complexity

Passkey authentication in Identity Management on RHEL

Passkey is a combination of passwordless and MFA mechanism. Furthermore, MFA is provided by requesting a Personal Identification Number (PIN) to unlock the token to process the authentication request. Passwordlessness is provided by using public key cryptography (a key pair is generated during the registration process).

Additionally, as long as the device implements it, other authentication factors (such as a fingerprint) are requested. Finally, along with authentication, a Kerberos ticket is granted. This can be used for further identification on network resources, which enables SSO.

All this together eliminates the need for passwords and enables strong authentication. In addition, it can reduce the risk of a data breach, because passwords aren’t reused, the public key pair is generated for each service, and the private key resides inside the token.

Why is it important?

Passwordless authentication aligns with regulatory requirements for data protection and security, such as General Data Protection Regulation (GDPR) and Payment Service Directive (PSD2). By implementing strong authentication methods, organizations can better safeguard sensitive information and comply with regulatory standards.

A memorandum from theU.S. Government establishes new policies to enhance security by enforcing passwordless authentication, combined with MFA standards and SSO:

  • “Enterprise identity management must be compatible with common applications and platforms. As a general matter, users should be able to sign in once and then directly access other applications and platforms within their agency’s IT infrastructure.” (page 6)
  • “Fortunately, there are phishing-resistant approaches to MFA that can defend against these attacks. The Federal Government’s Personal Identity Verification (PIV) standard is one such approach. The World Wide Web Consortium (W3C)’s open “Web Authentication” standard, 8 another effective approach, is supported today by nearly every major consumer device and an increasing number of popular cloud services…” (page 7)

Passwordless authentication leverages modern technologies such as biometrics, cryptographic keys, and device-based authentication. These technologies offer higher levels of security and scalability compared to traditional password-based authentication methods.

Passwords are vulnerable to numerous security threats that are challenging to overcome using technology and strategies in use today. The main purpose of the passkey feature is to strengthen security, and at the same time to provide a pleasant user experience. This is achieved by using open and well-established standards that enable passwordlessness, MFA, and SSO.

With passkey functionality, users require only a hardware device, and another authentication factor, such as a PIN or a fingerprint, to eliminate the reliance on passwords while elevating security standards. Additionally, issuing a Kerberos ticket alongside the authentication enables SSO capabilities. By integrating these features all together, the risk of data breaches, phishing threats, man-in-the-middle attacks, and other security threats can be significantly reduced, positioning your organization well on its security journey.

What next?

Identity Management in Red Hat Enterprise Linux 9.4 now offers the passkey feature to leverage all these capabilities: passwordless, MFA, and SSO.

The good news is that it's so easy to use that there are no excuses to not use it! Watch this quick demonstration to see for yourself:

Red Hat solutions architects and sales teams are ready, and more than happy, to guide your organization through this security journey.

Passkey is the Future, and the Future is Now with Red Hat Enterprise Linux (2024)


What is Red Hat Enterprise in Linux? ›

Red Hat Enterprise Linux (RHEL) is an enterprise Linux operating system (OS) developed by Red Hat for the business market. RHEL, formerly known as Red Hat Linux Advanced Server, is certified with thousands of vendors and across hundreds of clouds.

Is Red Hat Enterprise Linux worth it? ›

It is one of the most stable OS that are available. The product saved us a lot of money compared to other products, like Solaris. Also, having one OS as opposed to many OSs is nice. For the most part, the benefit for the organization is saving money compared to other operating systems and having good stability.

How to set password complexity in redhat Linux? ›

  1. Enforce password complexity for root.
  2. Password size (Minimum acceptable length for the new password).
  3. Set a limit to the number of digits in the password.
  4. Set a limit to the number of Upper Case characters in the password.
  5. Set a limit to the number of Lower Case characters in the password.
Jun 13, 2024

What is the username and password for Red Hat Enterprise Linux 5? ›

Enter the IP address of the RHEV Hypervisor host you wish to connect to. Enter the username root and use the password mypass.

Why is Linux called Red Hat? ›

The name Red Hat came from Ewing's experience in his college computer lab. He would wear his grandfather's red Cornell lacrosse cap, and people would say, "If you need help, look for the guy in the red hat."

What is the difference between Red Hat Linux and Linux? ›

How is RedHat Enterprise Linux different from Linux? RHEL is an operating system that uses (the) Linux (kernel) as one component, the kernel. But it contains other stuff too, like the actual userspace programs that are necessary to use the kernel in any meaningful way. Plus it packages applications programs.

Why is Red Hat Linux so popular? ›

Red Hat is one of the leading contributors to the Linux kernel and associated technologies in the greater open source community. Red Hat engineers help improve features, reliability, and security to make sure your infrastructure performs and remains stable—no matter your use case and workload.

Is RhCSA worth it in 2024? ›

The RHCSA (Red Hat Certified System Administrator) certification can be a valuable asset, especially for those new to Linux administration. It validates your foundational Linux skills through a hands-on exam and demonstrates your ability to manage Red Hat Enterprise Linux systems.

What is the minimum length of password in redhat? ›

RHEL-07-010280 - The Red Hat Enterprise Linux operating system must be configured so that passwords are a minimum of 15 characters in length.

How do I change my root password in Red Hat Linux? ›

Log in using the root account password. From the command line, type passwd and then press the <Enter> key. At the New password: prompt, type the new password and then press the <Enter> key. At the Retype new password: prompt, retype the password and then press the <Enter> key.

What is the algorithm for passwords in Linux? ›

In Linux, user passphrases are hashed using the crypt function, and then the hashed passphrases are stored in the shadow file. The id is the hashing method used when hashing the passphrase. For example, if the hash value is produced by yescrypt, the ID will be y, and 6 if the sha512crypt method is used.

Is Red Hat Enterprise Linux a server? ›

Red Hat® Enterprise Linux® Server is the most popular variant of Red Hat Enterprise Linux. Red Hat Enterprise Linux Server is the operating system: incredibly simple to control, easy to administer, and can be deployed on physical hardware systems, on virtual machines, or in the cloud—wherever it's needed.

What is the current version of Red Hat Enterprise Linux? ›

Red Hat Enterprise Linux 9.4 is our latest release, but with access to all supported versions and a 10 year life cycle, you can upgrade on your schedule and adopt new features when needed.

What is the browser for Red Hat Linux? ›

Mozilla functions like any other Web browser. It has the standard navigation toolbars, buttons, and menus. If you have previously been using Netscape as your Web browser and performed an upgrade of Red Hat Linux, the first time that you start Mozilla you will not see the main Mozilla browser as seen in Figure 5-1.

Who uses Red Hat Enterprise Linux? ›

Companies Currently Using Red Hat Enterprise Linux Server
Company NameWebsiteSub Level Industry
UPSups.comFreight & Logistics Services
Magellan Aerospacemagellan.aeroAirlines, Airports & Air Services
Harris Corporationl3harris.comAerospace & Defense
Saint-Gobainsaint-gobain.comGlass & Clay
2 more rows

Are RHEL and CentOS the same? ›

Conclusion. In summary, CentOS and Red Hat OS are two widely used Linux OS. The primary distinction between these two OS is that CentOS is a community-supported Linux OS that is compatible with RHEL. In contrast, Red Hat is a commercially oriented Linux distribution.

Top Articles
Latest Posts
Article information

Author: Dan Stracke

Last Updated:

Views: 5630

Rating: 4.2 / 5 (43 voted)

Reviews: 82% of readers found this page helpful

Author information

Name: Dan Stracke

Birthday: 1992-08-25

Address: 2253 Brown Springs, East Alla, OH 38634-0309

Phone: +398735162064

Job: Investor Government Associate

Hobby: Shopping, LARPing, Scrapbooking, Surfing, Slacklining, Dance, Glassblowing

Introduction: My name is Dan Stracke, I am a homely, gleaming, glamorous, inquisitive, homely, gorgeous, light person who loves writing and wants to share my knowledge and understanding with you.