Anyone using Synology devices and their services has certainly heard about Synology C2. If that is not the case, C2 is a collection of cloud-hosted platforms covering password management, backup, identity management, as well as metrics and diagnostics.

To use Synology C2 services (both free and commercial), we need a valid Synology Account to tie to the selected platforms.

The Account offers an overview of all the devices, services, and warranties, as well as subscriptions that an individual or a company uses.

To set up and use any C2 service we need to connect it to a valid Synology account and set up a C2 encryption key.

This key is extremely important as it is used to encrypt all the data that is part of any C2 service!

Because access to the C2 platforms requires entering the C2 encryption key, it is no wonder that Synology has started to follow in the footsteps of other, bigger tech companies such as Apple, Microsoft, and Google with the implementation of passkeys.

Passkeys are a new and efficient way to sign in or authenticate yourself on websites and services, providing a secure and convenient alternative to traditional passwords. At their core, passkeys use public-key cryptography: a unique key pair is generated for each account, and every sign-in is proven with that key pair instead of a typed secret.

The main benefit of a passkey is that it is split into a public and a private key: the service keeps only the public key, while the private key stays with your authenticator and is never sent to the service. This makes passkeys highly resistant to phishing and credential theft. Paired with a hardware device that has any type of biometrics (fingerprint or face recognition), we no longer have to type in complex passwords (or even memorize them).
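The key split described above can be shown as a sign-in exchange. This is an added example, not code from Synology or from the original article: a simplified WebAuthn-style assertion check in Node.js, where the site name `c2.example.test`, the function names and the reduced authenticator data layout are assumptions made for illustration.

```javascript
// Added example: simplified WebAuthn-style passkey check (names are hypothetical).
const crypto = require('node:crypto');
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// Registration: the authenticator creates a key pair for one site (the RP ID).
// The service stores only the public key; the private key is never sent to it.
function registerPasskey(rpId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { authenticator: { rpId, privateKey }, server: { rpId, publicKey } };
}

// Sign-in, client side: the browser writes the origin it is really on into
// clientDataJSON; the authenticator signs authData || SHA-256(clientDataJSON).
function signAssertion(authenticator, challenge, origin) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  // Reduced authData: RP ID hash, flags (user present + verified), counter 0.
  const authData = Buffer.concat(
    [sha256(authenticator.rpId), Buffer.from([0x05]), Buffer.alloc(4)]);
  const signature = crypto.sign('sha256',
    Buffer.concat([authData, sha256(clientDataJSON)]), authenticator.privateKey);
  return { clientDataJSON, authData, signature };
}

// Sign-in, server side: challenge, origin and RP ID first, then the signature.
function verifyAssertion(server, challenge, origin, assertion) {
  const client = JSON.parse(assertion.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'wrong type';
  if (client.challenge !== challenge.toString('base64url')) return 'wrong challenge';
  if (client.origin !== origin) return 'wrong origin';
  if (!assertion.authData.subarray(0, 32).equals(sha256(server.rpId))) return 'wrong RP ID';
  const signed = Buffer.concat([assertion.authData, sha256(assertion.clientDataJSON)]);
  return crypto.verify('sha256', signed, server.publicKey, assertion.signature)
    ? 'ok' : 'bad signature';
}

// Constructed scenario: one genuine sign-in and three that must be rejected.
function demo() {
  const site = 'https://c2.example.test';
  const { authenticator, server } = registerPasskey('c2.example.test');
  const otherKey = registerPasskey('c2.example.test').authenticator; // not registered
  const challenge = crypto.randomBytes(32);
  const genuine = signAssertion(authenticator, challenge, site);
  const lookalike = signAssertion(authenticator, challenge, 'https://c2-example.test');
  const check = (a, c = challenge) => verifyAssertion(server, c, site, a);
  return { genuine: check(genuine), lookalike: check(lookalike),
           replayed: check(genuine, crypto.randomBytes(32)),
           wrongKey: check(signAssertion(otherKey, challenge, site)) };
}
console.log(demo());
```

In a real browser the look-alike page would not even be offered the credential, because the RP ID has to match the page's domain; the server-side origin check shown here is the second line of defence.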

With this user-friendly and seamless experience, we get improved security and a much lower risk of unauthorized access.

With passkey support on both browsers and mobile applications, signing in to your C2 accounts is now easier than ever.

How to configure the passkey in C2?

Configuration of the new passkey method is done using the C2 service portal by opening the Manage Account option inside the account menu (avatar in the upper right corner).

Passkey authentication steps begin inside the account management

Since an authenticator is just an alternative way to unlock your C2 services, you should still remember or keep your C2 Encryption Key in a safe place. Changing your C2 Encryption Key does not affect your registered authenticators. However, resetting the C2 Encryption Key will delete all your registered authenticators.

In terms of both hardware and software requirements there are some prerequisites:

Computer and operating system

  • Windows PC or Mac computer
    Your device must have fingerprint or facial recognition features, or be connected with a FIDO2/WebAuthn-compatible hardware key.
  • Linux computer
    Biometrics are not supported by Linux systems. You can still use a FIDO2/WebAuthn-compatible hardware key.

Web browser

  • Safari 15.4 and above
  • Brave
  • Chrome
  • Firefox
  • Microsoft Edge (Chromium-based)
  • Opera

Once we are on a compatible device, three major steps are needed to make this work.

Start by entering the existing C2 encryption key

Entering the current C2 encryption key is a security measure and the only prerequisite step. As indicated before, be sure not to forget or lose the key, as without it we can't configure the passkey method.

Enter a descriptive name of the device that will be used to generate the passkey
Depending on the device the passkey generation steps might look a bit different. This is a macOS device with TouchID biometrics
Process completed

Once the process has been completed the account management section will be slightly different.

The option to manage authenticators has been added
We will have the option to add multiple passkey devices as well as to change or delete existing ones from the list

Also, the option to use the passkey now appears anywhere a C2 encryption key is needed. Instead of typing the key, we will have the option to log in using a device holding the passkey.

"Use your authenticator to decrypt" option is now listed as a way to unlock with a passkey

If the passkey is, for example, part of iCloud Keychain, any compatible* device connected with the same Apple ID can be used to authenticate. One example is logging in from a third-party computer, which presents a QR code challenge that can then be unlocked with an Apple iPhone holding the passkey.

Synology has not yet implemented login to DSM using passkeys, at least not officially, but this might indicate that they will in the future. It would be excellent to have this option as an addition to their Secure SignIn feature. While on the subject of an unofficial method of DSM login, be sure to check the following article to see how we can use the Apple Safari browser to log into the DSM OS.

Synology DSM 7 Passwordless sign-in with Apple Safari and Passkeys
How to access Synology DSM 7 using a passwordless method with Apple’s Passkeys feature in macOS 13 and iOS 16

In the end, it is great to see more secure methods being implemented, as today's need for extra security is higher than ever. Be sure to configure the passkey on your C2 profile as a faster and more secure authentication method.