Design Guidelines
The FIDO Alliance Design Guidelines are for consumer use cases of passkeys. The FIDO Alliance UX Working Group conducts rigorous usability research each year to support these guidelines. The UX Working Group is comprised of 128 people from 32 companies around the world. The Design Guidelines center around design patterns and new design patterns are added regularly.
Use the Design Guidelines in conjunction with the Passkey Roll-Out Guides during your implementation of support for passkeys.
Objectives
As of 2024, the FIDO Alliance has produced Design Guidelines for four consecutive years. The guidelines are practical resources for product managers, designers, researchers, and engineers at service providers deploying passkeys at scale. The guidelines accelerate decision-making and reduce the work needed by service providers.
- Decrease time to sign in.
- Increase first try sign in success.
- Deprecate the use of SMS one-time passwords (OTPs).
- Reduce or eliminate new account creation with passwords.
- Reduce password recovery processes and associated costs.
- Increase passkey adoption and successful creation of passkeys.
- Learn which moments in the customer journey are optimal for enabling passkeys.
- Reduce time and costs with re-usable design patterns proven through rigorous usability research.
Design patterns
Design patterns are self-contained experiences that you can combine to match your unique business needs. You can start with the two required patterns and then use your unique business needs to determine which optional patterns to add. The Security Key Patterns provide user experience (UX) guidelines and best practices for relying parties and implementers seeking to enable multi-factor authentication (MFA) with FIDO security keys as a second factor, based on a regulated industry (for example, banking, or healthcare) use case.
Additional design resources
- FIDO Accessibility: Read the guidance for Making FIDO Deployments accessible to people with disabilities.
- FIDO's Figma UI Kits: FIDO's Figma UI Kits provide the UI see in the design guidelines in an editable format. Use the UI kits to start your own prototypes.
- FIDO Dev Community Group: A discussion list that supports the open internet community to better understand the technical specifications and collect feedback from real world adoption experience.
- FIDO Alliance Privacy Principles
Code
Passkeys.dev contains the basics to get started with passkey development as well as links to several tools, libraries, references, and demos. It is maintained by the W3C WebAuthn Community Adoption Group and members of the FIDO Alliance.
Design events
There is a rich community of people who attend FIDO events. These events are a great place to learn how your peers use passkeys. To help the FIDO Alliance, you can submit a talk, co-host a webinar with FIDO, or join the FIDO UX Working Group.
- Webinar: Design Guidelines: In the first of a four-part webinar series, learn the essentials of why major consumer service providers are adopting passkeys as the foundation of their consumer authentication strategy.
- Webinar: Design Guidelines: In part 2, learn how to adapt your authentication experiences to better solve key metrics for consumer authentication.
- Webinar: Design Guidelines: In part 3, learn how to drive revenue and decrease costs with passkeys for consumer authentication.
- Webinar: Design Guidelines: In part 4, watch attendees ask FIDO Alliance subject matter questions in an: Ask Me Anything format!
- In-person workshop: Design Workshop at The Authenticate Conference 14th – 17th October 2024
Design guideline underwriters
The FIDO Alliance is a 501(c)(6) non-profit organization. Hiring an independent third party design research firm incurs costs. The following FIDO Alliance member companies contributed to underwrite the costs of this research. We would like to thank them for their financial support to help make this work possible.
FIDO Alliance UX Working Group contributors:
| 1Password | American Express | Apple Inc. |
| Axiad IDS, Inc. | Beyond Identity, Inc. | BlinkUX |
| Dashlane | Duo Security at Cisco | Google Inc. |
| HYPR | IBM | Idemia |
| Intuit | JP Morgan Chase Bank, NA | Mercari, Inc. |
| Meta | Microsoft | Nok Nok |
| Okta, Inc. | Onfido Ltd. | PayPal |
| Samsung Electronics Co. | Sony Group Corporation | Target Corporation |
| Telecommunications Technology Association | Trusona, Inc. | TrustKey |
| U.S. Bank | VMware | Wells Fargo |
| WiSECURE Technologies | Yubico |
About the User Experience Working Group
To accelerate adoption of FIDO solutions and achieve the FIDO Alliance’s vision to help reduce the world’s overreliance on passwords, the FIDO Alliance UX Working Group serves as a subject matter expert in usability and user experience. Within the UX Working Group there are work streams that focus on:
- Accessibility
- Content Strategy
- Customer success
- Design
- Engineering
- Program management
- User experience research
Scope of research
Each year from December to May, the FIDO Alliance User Experience Working Group runs rigorous usability research of passkey experiences. They have identified 270 moments across enterprise and consumer journeys that can benefit from passkeys. The most high-impact moments in the consumer journey are included in the design guidelines.
The research and design agency Blink UX, in collaboration with the UX Working Group, conducted the research that informed the guidelines. Research participants include U.S. consumers ages 18-70. The research covers use cases for mobile, desktop and security keys. In 2023 the UX Working Group conducted research with participants who were blind or had low vision and used their devices’ native screen reader (Talkback or Voiceover) to navigate and consume content.
The guidelines focus on design and user experience concepts that are unique to FIDO with synced passkeys. You will see various forms of identity proofing and non-FIDO authentication examples throughout the guidelines. The guidelines do not prescribe security guidelines for identity proofing or other non-FIDO authentication mechanisms as they are unique to each service provider and based on their own unique business needs and security policy.
Yearly research process: January to May
- Document experiences enabled by new FIDO technologies.
- Audit well-known passkey deployments
- Interview platform providers
- Interview service providers who have developed passkeys
- Define the use cases to test in a given year
- Brainstorm the optimal experiences for the use cases
- Prototype and/or build coded experiences based on the brainstorms
- Repeat four times: Test each experience in 60 to 90-minute one-on-one remote interviews via Zoom
- Repeat four times: Refine the prototypes and/or build
- Test the usability of the guidelines themselves with service providers (new for 2024)
Questions and feedback
If you are a service provider deploying passkeys or creating products that support passkeys in the marketplace, we want to hear from you and get feedback on your experiences, these design guidelines, or anything else you would like to share. Please get in touch with us via email at info@fidoalliance.org
