Get started with passkeys

People must first create a passkey before they can sign in with it. While there are many moments throughout the customer journey where passkeys can add value, these two patterns create a successful foundation for every long-term passkey strategy.

Create, view, and manage passkeys in account settings

Allow people to create, see, and manage passkeys in the account settings area of the digital service.

Sign in with a passkey

Allow people to sign in with a passkey and gracefully fall back to other methods.

Optional patterns

There are many use cases and moments throughout the customer journey to create and use passkeys. The moments where you choose to enable passkey support will vary depending on your unique business needs. Use the optional patterns to expand and refine your implementation of passkeys over time.

Create a passkey during account recovery due to forgot password

Allow people to create a passkey instead of or in addition to a new password.

Cross-device sign-in

Allow people to sign in on a device that does not have a passkey (laptop/desktop) using a second device that does (mobile device).

Deprecate SMS OTP

Allow people to create a passkey to replace passwords plus SMS OTP authentication.

Introduce passkeys in email and other communications

Introduce and educate people about passkeys with a priming email that is clear and concise to promote adoption.

Passkey management UI: best practices for combining all passkey types

Learn how to properly set up the management UI for passkeys on devices and passkeys on security keys.

New account creation with a passkey

Allow people to create new accounts with a passkey (no password).

Remove passkeys from account settings

Allow people to remove a passkey from their account’s settings.

Use passkeys created on web to sign into mobile app

Allow people to use the same passkey to sign in to their accounts across websites and native mobile apps.

2022: Patterns for passkeys on security keys

Originally published in 2022 and prior to passkeys, these patterns provide the user experience (UX) guidelines and best practices for relying parties and implementers seeking to enable multi-factor authentication (MFA) with FIDO security keys as a second factor, based on a regulated industry (e.g., banking or healthcare) use case. These guidelines aim to accelerate decision-making during FIDO implementation and specify what information and controls should be given to users. Note that these UX recommendations are optimized for browser-based sites accessed on desktop/laptop computers, rather than mobile apps or mobile web. The guidelines do not, however, include recommendations about security policies or account recovery.

Awareness of passkeys on security keys

Enroll passkeys on security keys

Manage passkeys on security keys

Sign in with passkeys on security keys