Anyone using Synology devices as well as their services, certainly heard about Synology C2. If that is not the case, C2 is a collection of cloud-hosted platforms covering password management, backup, identity management as well as metric and diagnostics.
To use Synology C2 services (both free and commercials) we need to have a valid Synology Account to be able to tie it with those selected platforms.
The Account offers an overview of all the devices, services, and warranties, as well as subscriptions that an individual or a company uses.
To set up and use any C2 service we need to connect it to a valid Synology account and set up a C2 encryption key.
Because access to the C2 platforms requires entering the C2 encryption key it is no wonder that Synology has started to follow up in the steps of other bigger tech companies such as Apple, Microsoft, and Google with the implementation of passkeys.
Passkeys are a new and efficient way to sign in or authenticate yourself on websites and services, providing a secure and convenient alternative to traditional passwords. At their core, passkeys leverage advanced cryptographic techniques to randomly generate a unique code for sign-ins.
The main benefit of the passkey is that it is broken into public and private keys. This makes them immune to hacking or phishing attacks. Paired with a hardware device that has any type of biometrics (fingerprint or face recognition), we no longer have to type in complex passwords (or even memorize them).
Using this user-friendly and seamless experience we get improved security and a much lower level of unauthorized access.
With passkey support on both browsers and mobile applications, signing in to your C2 accounts is now easier than ever.
How to configure the passkey in C2?
Configuration of the new passkey method is done using the C2 service portal by opening the Manage Account option inside the account menu (avatar in the upper right corner).
In terms of both hardware and software requirements there are some prerequisites:
Computer and operating system
- Windows PC or Mac computer
Your device must have fingerprint or facial recognition features, or be connected with a FIDO2/WebAuthn-compatible hardware key.
- Linux computer
Biometrics are not supported by Linux systems. You can still use a FIDO2/WebAuthn-compatible hardware key.
- Safari 15.4 and above
- Microsoft Edge (Chromium-based)
Once we are on a compatible device three major steps are needed to make this work.
Entering the current C2 encryption key is a security measure and the only prerequisite step. As indicated before, be sure to not forget or lose the key as without it we can't configure the passkey method.
Once the process has been completed the account management section will be slightly different.
Also, using the passkey can now be found anywhere where a C2 encryption key is needed. Instead of typing the key, we will have the option to log in using a device holding the passkey.
If the passkey is, for example, part of iCloud Keychain, any compatible* device connected with the same Apple ID can be used to authenticate. One example is using a 3rd party computer to log in that will send a QR code challenge that in the end can be unlocked with an Apple iPhone holding the passkey.
Synology has not yet implemented login to DSM using passkeys, well not officially, but this might indicate that they will in the future. It would be excellent to have this option as an addition to their Secure SignIn feature. While on the subject of an unofficial method of DSM login, be sure to check the following article to see how we can use the Apple Safari browser to log into the DSM OS.
In the end, it is great to see more secure methods being implemented, as today's need for extra security is higher than ever. Be sure to configure the passkey on your C2 profile as a faster and more secure authentication method.