Vincent
Created: May 10, 2024
Updated: September 10, 2024
Authentication Assurance Level (AAL) refers to a classification used to describe the strength and reliability of authentication processes. Defined in NIST's Special Publication SP 800-63-3, AAL helps organizations determine the appropriate level of security for their digital interactions.
Become part of our Passkeys Community for updates and support.
JoinThere are three levels of AAL:
Each level is tailored to different security needs, ranging from low-risk environments at AAL1 to high-security demands at AAL3.
Here’s a deeper dive into the authentication assurance levels level and their implications:
Subscribe to our Passkeys Substack for the latest news, insights and strategies.
SubscribeRead more about the AAL-conformance of passkeys in this blog.
Ben Gould
Head of Engineering
I’ve built hundreds of integrations in my time, including quite a few with identity providers and I’ve never been so impressed with a developer experience as I have been with Corbado.
3,000+ devs trust Corbado & make the Internet safer with passkeys. Got questions? We’ve written 150+ blog posts on passkeys.
Join Passkeys CommunityAAL1 provides basic authentication security, commonly used in low-risk environments where user convenience is a priority.
AAL2 requires two different authentication factors, significantly reducing the risk of unauthorized access compared to AAL1.
AAL3 is the highest level of authentication assurance, involving hardware-based authenticators and stringent security measures like verifier impersonation resistance.
Synced passkeys (e.g. via iCloud Keychain) are classified as AA2 while device-bound passkeys are classified as AA3-compliant. Read more about it in this blog.
Enjoyed this read?
🤝 Join our Passkeys Community
Share passkeys implementation tips and get support to free the world from passwords.
🚀 Subscribe to Substack
Get the latest news, strategies, and insights about passkeys sent straight to your inbox.
We provide UI components, SDKs and guides to help you add passkeys to your app in <1 hour
Start for free