Cyber SafetyIdentity & AccessPress Release

Optimise User Sign-in Experience with Passkeys: FIDO Alliance’s Research-backed Guidelines

The FIDO Alliance today released new user experience (UX) guidelines to help accelerate deployment and adoption of passkeys.

The FIDO Alliance UX Guidelines for Passkey Creation and Sign-ins aim to help online service providers design a better, more consistent user experience when signing in with passkeys. The guidelines are available at https://fidoalliance.org/ux-guidelines/.

Based on FIDO standards, passkeys are a replacement for passwords that provide faster, easier, and more secure sign-ins to websites and apps across a user’s devices. While far easier and more secure than passwords and legacy forms of 2FA, the research performed for these guidelines found that passkey sign-ins present a distinct user journey that service providers need to consider before providing passkey support. The FIDO Alliance UX Guidelines provide evidence-based best practices for key steps in the user journey for passkey creation and sign-in.

“As companies around the world accelerate their move toward passwordless authentication based on FIDO standards, the topic of user experience has risen to the forefront,” said Andrew Shikiar, executive director and CMO of the FIDO Alliance. “Passkeys uniquely can provide a phishing-resistant sign-in as well as a superior user experience which can drive top-line growth by enabling more seamless access to online services and engendering stronger brand affinity. We encourage online service providers to use these guidelines in their journey to rolling out passkeys to ensure a consistent, thoughtful, and simple user experience for their users.”

Passkeys are supported in the vast majority of consumer devices: Apple and Google have readied their operating systems for service providers to enable sign-ins with passkeys that sync across devices; Windows 10 and 11 have long supported device-bound passkeys in Windows Hello – and passkeys from iOS or Android devices can also be used to sign into sites in Chrome or Edge on Windows.

Many leading service providers including Google, PayPal, Yahoo! Japan, NTT DOCOMO, CVS Health, Shopify, Hyatt, Instacart, Robinhood, Mercari and Kayak are providing their customers with passkey sign-ins.

“When it comes to providing passkeys to consumers, technical implementation is only one piece of the puzzle,” said Kevin Goldman, chair of the FIDO Alliance UX Working Group and Chief Experience Officer at Trusona. “Simply put, the UX is a critical component in helping consumers adopt passkeys as a password replacement. These guidelines are a carefully researched set of best practices that will help online service providers design a better, more consistent user experience when signing in with passkeys and ultimately maximize adoption.”

The guidelines were created by the FIDO Alliance UX Working Group in partnership with usability research firm Blink UX – with added underwriting support from 1Password, Google, Trusona and US Bank. This group collectively conducted formal research of FIDO user journeys and actively engaged with FIDO Alliance stakeholders to establish these UX best practices.

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *