Design Guidelines

Make passkeys easy to use with best practices backed by user experience research.

Based on open standards: Passkeys use standard public key cryptography to provide phishing-resistant authentication
Phishing-resistant: Unlike passwords, passkeys are always strong and phishing-resistant
Faster, simpler sign -ins: Passkeys replace password-only sign ins with secure and fast sign ins across all devices

Design patterns

There are 14 design patterns for passkeys. Get started with two essential patterns and add optional patterns to your deployment of passkeys based on your unique business needs.

Get started with essential patterns

Patterns are self-contained experiences that can be combined to match your unique business needs.

Optional patterns

Start with the two Get Started patterns and add optional design patterns based on your unique business needs.

Design resources

Get started

Get to know FIDO Design Guidelines and learn how to to use the patterns, principles, and resources.

Design patterns

14 design patterns are the heart and soul of the Design Guidelines. Use the research-backed patterns to jump-start your work with passkeys.

FIDO Accessibility

Read the guidance for Making FIDO Deployments Accessible to people with Disabilities.

Figma UI Kit

Use FIDO’s Figma UI Kit to accelerate the creation of your prototypes with passkeys.

FIDO Dev Community Group

Get answers and join the FIDO-dev mailing list powered by Google Groups.

[VIDEO] 4 minute video from Google

Watch this video from Google to understand passkeys in this 4 minutes.

Design events

Conference: Identiverse

Announcing the FIDO Design Guidelines for Passkeys @ The Identiverse conference
May 26th – May 28th

Webinar: Design Guidelines

In the first of a four-part Webinar series, you’ll quickly learn the essentials of why major consumer service providers are adopting passkeys as the foundation of their consumer authentication strategy.

Webinar: Design Guidelines

In the second of a four-part Webinar series, you’ll learn how to adapt your authentication experiences to better solve key metrics for consumer authentication.

Webinar: Design Guidelines

In the third of a four-part Webinar series, you’ll learn how to drive revenue and decrease costs with passkeys for consumer authentication.

Webinar: Design Guidelines

In the final edition of a four-part Webinar series the floor is yours to ask FIDO Alliance subject matter experts anything in an: “Ask Me Anything” format! 

In-person workshop

Design Workshop @ The Authenticate conference 14th – 17th October 2024

Design guideline underwriters

FIDO Alliance is a 501(c)(6) non-profit organization. Hiring an independent, third party Design research firm incurs costs. Eight FIDO Alliance member companies contributed to underwrite the costs of this research. We’d like to thank them for their financial support to help make this work possible.


                                       

 

                                              

 

FIDO Alliance UX Working Group contributors:

1Password, American Express, Apple Inc., Axiad IDS, Inc. , Beyond Identity, Inc. , BlinkUX, Dashlane, Duo Security at Cisco, Google Inc., HYPR, IBM, Idemia, Intuit, JP Morgan Chase Bank, NA, Mercari, Inc., Meta, Microsoft, Nok Nok, Okta, Inc., Onfido Ltd., PayPal, Samsung Electronics Co., Sony Group Corporation, Target Corporation, Telecommunications Technology Association, Trusona, Inc., TrustKey, U.S. Bank, VMware, Wells Fargo, WiSECURE Technologies, Yubico

Objective

2024 marks FIDO Alliance’s fourth year producing Design Guidelines. The guidelines are practical resources for product managers, designers, researchers, and engineers at service providers deploying passkeys at scale. The guidelines accelerate decision-making and reduce the work needed by service providers.

  • Decrease time to sign in.
  • Increase first try sign-in success.
  • Deprecate the use of SMS one-time passwords (OTPs).
  • Reduce or eliminate new account creation with passwords.
  • Reduce password recovery processes and associated costs.
  • Increase passkeys adoption and successful creation of passkeys.
  • Learn which moments in the customer journey are optimal for enabling passkeys.
  • Reduce the time and costs with re-usable design patterns proven through rigorous usability research.

About the User Experience Working Group

To accelerate adoption of FIDO solutions and achieve the FIDO Alliance’s vision of helping reduce the world’s overreliance on passwords, the FIDO Alliance UX Working Group serves as subject matter in usability and user experience. The FIDO Alliance UX Working Group is composed of 129 people from 51 companies. The Chairs of the UX Working are Kevin Goldman of Trusona and Mitchell Galavan of Google. Within the UX Working Group there are work streams that focus on:

  • Accessibility
  • Content Strategy
  • Customer success
  • Design
  • Engineering
  • Program management
  • User experience research  

Scope of research

Each year from December to May the FIDO Alliance User Experience Working Group runs rigorous usability research of passkey experiences. They’ve identified 270 moments across enterprise and consumer journeys that can benefit from passkeys. 14 of the most high-impact moments in the consumer journey are included in the Design Guidelines.

In collaboration with the UX Working Group, a research and design agency called Blink UX conducted the research that inform the guidelines. Research participants include U.S. consumers ages 18-70. The research covers use cases for mobile, desktop and security keys. In 2023 the UX Working Group conducted research with participants who are blind or had low vision and used their devices’ native screen reader (Talkback or Voiceover) to navigate and consume content.

The guidelines focus on design and user experience concepts that are unique to FIDO with synced passkeys. You will see various forms of identity proofing and non-FIDO authentication examples throughout the guidelines. The guidelines do not prescribe security guidelines for identity proofing or other non-FIDO authentication mechanisms as they are unique to each service provider and based on their own unique business needs and security policy.

Yearly research process: January to May

  1. Document experiences enabled by new FIDO technologies.
  2. Audit well-known deployments of passkeys
  3. Interview platform providers
  4. Interview service providers who have developed passkeys
  5. Define the use cases to test in a given year
  6. Brainstorm the optimal experiences for the use cases
  7. Prototype and/or build coded experiences based on the brainstorms
  8. Repeat four times: Test each experience in 60 to 90 minute one-on-one remote interviews via Zoom
  9. Repeat four times: Refine the prototypes and/or build
  10. Test the usability of the Guidelines themselves with service providers (new for 2024)

Questions and feedback

If you’re a service provider deploying passkeys or creating products that support passkeys in the marketplace, we want to hear from you and get your feedback on your experiences, these Design Guidelines, or anything else you’d like to share. Please get in touch with us at info@fidoalliance.org