SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
The FIDO Alliance releases UX guidelines all about passkeys
Fri, 2nd Jun 2023

The FIDO Alliance has released new user experience (UX) guidelines to help accelerate deployment and adoption of passkeys.

The FIDO Alliance UX Guidelines for Passkey Creation and Sign-ins aim to help online service providers design a better, more consistent user experience when signing in with passkeys, the company states.

Based on FIDO standards, passkeys are a replacement for passwords that provide faster, easier, and more secure sign-ins to websites and apps across a user’s devices.

While passkeys are reportedly far easier and more secure than passwords and legacy forms of 2FA, the research performed for these guidelines found that passkey sign-ins present a distinct user journey that service providers need to consider before providing passkey support.

The FIDO Alliance UX Guidelines provide evidence-based best practices for key steps in the user journey for passkey creation and sign-in.

Andrew Shikiar, Executive Director and CMO of the FIDO Alliance, says, “As companies around the world accelerate their move toward passwordless authentication based on FIDO standards, the topic of user experience has risen to the forefront.

“Passkeys uniquely can provide a phishing-resistant sign-in as well as a superior user experience which can drive top-line growth by enabling more seamless access to online services and engendering stronger brand affinity.

“We encourage online service providers to use these guidelines in their journey to rolling out passkeys to ensure a consistent, thoughtful, and simple user experience for their users.”

Passkeys are supported in the vast majority of consumer devices: Apple and Google have readied their operating systems for service providers to enable sign-ins with passkeys that sync across devices; Windows 10 and 11 have long supported device-bound passkeys in Windows Hello - and passkeys from iOS or Android devices can also be used to sign into sites in Chrome or Edge on Windows.

Many leading service providers including Google, PayPal, Yahoo! Japan, NTT DOCOMO, CVS Health, Shopify, Hyatt, Instacart, Robinhood, Mercari and Kayak are providing their customers with passkey sign-ins.

Kevin Goldman, Chair of the FIDO Alliance UX Working Group and Chief Experience Officer at Trusona, says, “When it comes to providing passkeys to consumers, technical implementation is only one piece of the puzzle.

“Simply put, the UX is a critical component in helping consumers adopt passkeys as a password replacement. These guidelines are a carefully researched set of best practices that will help online service providers design a better, more consistent user experience when signing in with passkeys and ultimately maximise adoption.”

The guidelines were created by the FIDO Alliance UX Working Group in partnership with usability research firm Blink UX - with added underwriting support from 1Password, Google, Trusona and US Bank.

This group collectively conducted formal research of FIDO user journeys and actively engaged with FIDO Alliance stakeholders to establish these UX best practices.