Posted by Niharika Arora (X and LinkedIn) – Senior Developer Relations Engineer and Vinisha Athwani – Technical Author (LinkedIn)

In a world the place digital safety is turning into more and more crucial, passwords have develop into a infamous weak hyperlink – they’re cumbersome, typically insecure, and a supply of frustration for customers and builders. However there’s excellent news: passkeys are gaining recognition as probably the most user-friendly, phishing-resistant, and safe authentication mechanism accessible. For Android builders, the Credential Supervisor API helps you information your customers in the direction of utilizing passkeys whereas guaranteeing continued help for conventional sign-in mechanisms, corresponding to passwords.

On this weblog, we focus on a few of the greatest practices it’s best to observe whereas encouraging customers to transition to passkeys.

Perceive authentication with passkeys

Earlier than diving into the suggestions for encouraging the transition to passkeys, right here’s an outline of the basics of authentication with passkeys:

• Passkeys: These are cryptographic credentials that change passwords. Passkeys are related to machine unlocking mechanisms, and are the really useful methodology of authentication for apps and websites.
• Credential Supervisor: A Jetpack API that gives a unified API interface for interacting with several types of authentication, together with passkeys, passwords, and federated sign-in mechanisms like Register with Google.

How do passkeys assist your customers?

There are a number of tangible advantages that customers expertise in apps that enable them to make use of passkeys to register. The highlights of utilizing passkey for customers are as follows:

• Improved sign-in expertise: Customers get the identical UI whether or not they use passwords, passkeys or federated sign-in mechanisms like Register with Google.
• Diminished sign-in time: As an alternative of typing out passwords, customers use their cellphone unlock mechanisms, corresponding to biometrics, leading to a easy sign-in expertise.
• Improved safety: Passkeys use public-key cryptography in order that knowledge breaches of service suppliers do not lead to a compromise of passkey-protected accounts, and are primarily based on business normal APIs and protocols to make sure they don’t seem to be topic to phishing assaults. (Learn extra about syncing and safety right here).
• Unified expertise throughout units: With the flexibility to sync passkeys throughout units, customers profit from simplified authentication whatever the machine they’re utilizing.
• No friction on account of forgotten passwords!

Underscoring the improved expertise with passkeys, we heard from a number of outstanding apps. X noticed that login charges improved 2x after including passkeys to their authentication flows. KAYAK, a journey search engine, noticed that the typical time it takes their customers to enroll and register lowered by 50% after they integrated passkeys into their authentication flows. Zoho, a complete cloud-based software program suite centered on safety and seamless experiences, achieved 6x sooner logins by adopting passkeys of their OneAuth Android app.

What’s in it for you?

If you migrate your app to make use of passkeys, you’ll be leveraging the Credential Supervisor API which is the really useful normal for identification and authentication on Android.

Aside from passkeys, the Credential Supervisor API helps conventional sign-in mechanisms, simplifying the event and upkeep of your authentication flows!

For all of those sign-in mechanisms, Credential Supervisor presents an built-in bottom-sheet UI, saving you growth efforts whereas providing customers a constant expertise.

When do you have to immediate customers to make use of passkeys?

Now that we’ve established the advantages of passkeys, let’s focus on how it’s best to encourage your customers emigrate to passkeys.

The next are a listing of UX flows in which you’ll promote passkeys:

• Person account registration: Introduce passkey creation prompts at key moments, corresponding to when your customers create their accounts:

Contextual Prompts throughout account creation
• Register: We advocate you encourage customers to immediate passkeys within the second after a person indicators in with an OTP, password, or other-sign in mechanisms.

Immediate passkey creation throughout sign-in
• Account restoration: The crucial person journey (CUJ) for account restoration is one which traditionally presents friction to customers. Prompting customers to undertake passkeys throughout account restoration is a really useful path. Customers who undertake passkeys expertise a well-recognized account restoration expertise as throughout sign-in.

Account Restoration circulation
• Password resets: That is the right second to immediate customers to create a passkey; after the frustration of a password reset, customers are sometimes extra receptive to the comfort and safety passkeys supply.

Create a passkey for sooner sign-in subsequent time

How do you have to encourage the transition to passkeys?

Encouraging customers to transition from passwords to passkeys requires a transparent technique. Just a few really useful greatest practices are as follows:

• Clear worth proposition: Use easy, user-centric prompts to elucidate the advantages of passkeys. Use messaging that highlights the advantages for customers. Emphasize the next advantages:
• Improved safety advantages, corresponding to security from phishing.
• No must kind out a password.
• Capacity to make use of the identical passkey throughout units/platforms.
• A constant authentication expertise.

Passkey immediate with clear worth proposition
• Present a seamless person expertise:
• Use the unified UI supplied by Credential Supervisor to indicate all accessible sign-in choices, permitting the person to decide on their most popular methodology with out having to recollect which one they used final.
• Use the official passkey icon to construct person familiarity and create a constant expertise.
• Guarantee that customers can fall again to their conventional sign-in strategies or a restoration methodology, corresponding to a username and password, if a passkey shouldn’t be accessible or if they’re utilizing a special machine.

• Present customers with readability about credentials inside your app’s Settings UI: Make certain your customers perceive their authentications choices by displaying useful details about every passkey inside your app’s settings. To be taught extra about including credentials metadata, see the Credential Supervisor documentation.

Passkey Metadata on App’s Settings display screen

• Educate customers: Complement the messaging to undertake passkeys with in-app academic sources or hyperlinks that designate passkeys intimately.
• Progressive rollout: Think about a phased rollout to introduce passkeys to a subset of your person base to assemble suggestions and refine the person expertise earlier than a broader launch.

Developer Case Research

Actual-world developer experiences typically spotlight how small design decisions—like when and the place to floor a passkey immediate—can considerably affect adoption and person belief. To see this in motion, let’s discover how high apps have strategically surfaced passkey prompts at key moments of their apps to drive stronger adoption :

Uber

To speed up passkeys adoption, Uber is proactively selling passkeys in varied person journeys, alongside advertising and marketing methods.

Uber has shared : “90+% of passkey enrollments come from selling passkey creation at key moments contained in the app as in comparison with onboarding and authentication CUJs“, underscoring the effectiveness of their proactive technique.

Key learnings and techniques from their implementation:

• Supply passkeys with out disrupting the core person expertise: Uber added a brand new account checkup expertise of their account settings to focus on passkey advantages, leading to excessive passkey adoption charges.

Person Account checkup circulation

• Proactively carry passkeys to customers: They discovered to not await customers to find passkeys organically as a result of counting on natural adoption would have been slower regardless of noticed advantages like sooner sign-ins and elevated login success charges for passkey customers.
• Use extra mediums to advertise passkeys: Uber can also be experimenting to advertise passkeys by e-mail campaigns or banners on a person’s account display screen to focus on the brand new sign-in methodology, making their subsequent sign-in simpler and safer.
• Respect your person’s selection: Recognizing that not all customers are prepared for passkeys, Uber applied backoff logic in crucial flows as register, signup screens and, in some contexts, presents passkeys alongside different acquainted authentication strategies.

Right here’s what Uber has to say:

At Uber, we’ve seen customers who undertake passkeys get pleasure from a sooner, extra seamless, and safer login expertise. To assist extra customers profit from passkeys, we’ve added nudges to create a passkey at key moments within the person expertise: account settings, signup, and login. These proactive outreaches have considerably accelerated our passkey adoption. 

Ryan O’Laughlin

Senior Software program Engineer, Uber

Financial Instances

Financial Instances, a part of the Instances Web ecosystem, used a seamless person expertise as the first motivation for customers to transition to passkeys.

After introducing focused nudges, Financial Instances noticed ~10% enhancements in passkey creation completion fee throughout the preliminary rollout interval.

Key learnings and techniques from their implementation:

• Strategic passkey era prompts: Initially, Financial Instances was aggressively prompting passkey creation in a number of person flows, nevertheless it was noticed that this method disrupted business-critical journeys corresponding to subscription purchases or unlocking premium options and was resulting in deserted carts.
• Refined method: Financial Instances made a deliberate resolution to take away passkey era prompts from delicate flows (such because the subscription checkout circulation) to prioritize fast motion completion.
• Focused prompts: They strategically maintained passkey era in areas the place person intent to sign-in or handle authentication is excessive, corresponding to preliminary sign-up flows, specific register pages, or account administration sections.
• Optimistic final result: This refined deployment resulted in improved passkey era numbers, indicating sturdy person adoption, with out compromising person expertise in crucial enterprise flows.

Passkeys Administration Display

Conclusion

Integrating passkeys with Android’s Credential Supervisor is not nearly adopting new know-how; it is about constructing a essentially safer, handy, and pleasant expertise on your customers. By specializing in clever passkey introduction, you are not simply securing accounts–you are constructing belief and future-proofing your software’s authentication technique.

To offer your customers the perfect, optimized and seamless expertise, observe the UX tips whereas implementing passkeys authentication with Credential Supervisor. Try the docs immediately!