Next-Generation Identity Security in Healthcare: A Passkey-Based Approach

Authors

  • Mahendra Krishnapatnam, Senior Architect, Chicago

DOI:

https://doi.org/10.47941/ijce.2701

Keywords:

Passkeys, Passwordless Authentication, FIDO2, WebAuthn, Zero-Trust Security, Healthcare IAM, AI-Driven Authentication, Phishing Prevention

Abstract

The healthcare industry faces escalating cybersecurity threats, particularly against identity and access management (IAM) systems that still rely on password-based authentication. This paper proposes a next-generation solution using passkeys, built on the FIDO2 and WebAuthn standards, to establish a passwordless authentication framework. We examine the technical architecture, device-bound authentication mechanisms, interoperability challenges, and alignment with HIPAA and NIST requirements. Through case study analysis and industry benchmarking, we demonstrate that passkey adoption reduces phishing-related incidents by 80–90%, improves authentication speed by 40–60%, and raises user satisfaction. We recommend phased implementation strategies, fallback authentication designs, and future-proofing through quantum-resistant cryptography and decentralized identity management. A passkey-based IAM framework can help healthcare organizations achieve stronger cybersecurity resilience, regulatory compliance, and a better user experience for clinicians, staff, and patients.



Published

2025-05-08

How to Cite

Krishnapatnam, M. (2025). Next-Generation Identity Security in Healthcare: A Passkey-Based Approach. International Journal of Computing and Engineering, 7(3), 23–33. https://doi.org/10.47941/ijce.2701

Section

Articles