Secure access to Baseform in just one step
Phishing-resistant, passwordless sign-in — the same technology deployed by Apple, Google, and Microsoft — is now live across the Baseform platform.

Baseform has rolled out passkey authentication across its platform, bringing to water utilities the strongest sign-in technology available today. Passkeys — built on the FIDO2/WebAuthn open standard — are the industry's designated successor to passwords, already adopted by Apple, Google, Microsoft, Amazon, PayPal, and hundreds of millions of accounts worldwide.
Why this matters for critical infrastructure
Utility software holds a live, continuously updated picture of the network it serves. Baseform's position has always been that the security of that picture is not a feature — it's a precondition. Adopting passkeys is the latest step in that commitment.
Unlike passwords, passkeys cannot be stolen, guessed, or phished. Each passkey is a unique cryptographic key pair: the private key never leaves the user's device, and the public key is useless to an attacker. Because the pair is bound to id.baseform.com, it simply won't work on a look-alike site — eliminating the phishing vector entirely. There is no shared secret stored on any server, and therefore nothing for a breach to expose.
This is the same standard that Google reports is now used more often on its accounts than SMS and app-based one-time codes combined, and that security programs protecting high-risk users have adopted as a primary factor. It is, by industry consensus, the state of the art — and it is now the state of Baseform.
Security without friction
The best security is the kind people actually use. Passkeys authenticate with the device's own unlock — fingerprint, face, or PIN — making sign-in both stronger and measurably faster than passwords with SMS codes. For utility IT teams, that means top-tier, phishing-resistant authentication with zero added burden on staff: no credentials to manage, rotate, or reset.
Passkeys are available now for all Baseform users at id.baseform.com. Existing password and SMS sign-in remain fully supported. IT departments looking to review the implementation or plan an organization-wide rollout can contact us for technical briefing materials.