Create, View, and Manage Passkeys in Account Settings

Overview

Topics: 2023, 2024, 2025, Consumer, Passkeys, WebAuthn, Manage Passkeys, Passkey Cards
Customer journey: Awareness > Consideration > Enrollment > Management > Authentication
Created: 6 May 2023

Allow people to create, view, and manage passkeys in Account Settings.

Add create, view, and manage passkeys in Account Settings

If a passkey does not exist for this person:
- include the passkey hero prompt at the top of Account Settings
If passkeys exist for this person
- allow them to see it as a card. One card per passkey
- place the passkeys UI above passwords in the interface
- offer the ability to remove them

Outcomes

Increase the use of phishing-resistant authentication and achieve authentication assurance level 2 (AAL2) without multiple authentication steps.
People appreciate the option to create a passkey to update their existing account at any point within Account Settings.
People find Account Settings to be an intuitive and useful place to proactively learn about and update authentication settings.

UX architectural diagram of the workflow for creating a passkey from Account Settings.

Flow

Use this messaging to help people feel confident and informed about creating a passkey. The flow answers people’s most immediate questions using a clear and structured Q&A format. This approach reflects how users naturally process new information and improves comprehension. It also reassures users by highlighting familiar elements, explaining security, and showing how passkeys work across devices.

Screen for creating a passkey from Account Settings.

Image Include a familiar visual to ground the concept. A supporting image or icon (fingerprint, face, PIN, and passkey symbol) reduces abstraction and helps users connect the idea of passkeys to everyday interactions with their devices.

Header Capture users' attention by addressing a common pain point, password fatigue. The headline, With passkeys, you don’t need to remember complex passwords, introduces the benefit of passkeys in a way that resonates with users who are tired of managing passwords. It promises a simpler sign-in experience while subtly introducing passkeys.

Messaging Structure the message using a Q&A format to reflect how users think. This format mirrors how people naturally ask questions when encountering something new, improving comprehension and engagement. Present the users with the most immediate and relevant questions: what is a passkey, and where is it saved?

What are passkeys? Introduce passkeys as secure, encrypted digital keys linked to familiar authentication methods. This explanation helps users recognize that passkeys build on something they already use, making the passkeys feel accessible. Include specific examples of familiar screen lock methods like fingerprint, face, or PIN to reduce abstraction and make the explanation feel grounded in what users already know.
Where are passkeys saved? Explain where passkeys are stored and how they enable cross-device access. Make it clear that passkeys are not tied to a single device and can be accessed across platforms through cloud-based password managers. Include named examples of trusted tools like iCloud Keychain or Google Password Manager to reinforce credibility and help users visualize where their credentials live.

CTA Include a clear and action-oriented call to action. Use a straightforward and timely CTA like Create passkeys after the informational content. This sequencing ensures users feel prepared and confident before being asked to take action.

Learn more Follow the CTA with a “Learn more” link. Including a learn more option provides a helpful fallback for users who want additional details. A link to additional information allows curious or skeptical users to dig deeper without overwhelming the experience.

Flow: schematic

Flow: video

Flow: Android prototype

tip

To view full screen, hover over the prototype, then select the expand icon.

Flow: iOS prototype

tip

To view full screen, hover over the prototype, then select the expand icon.

Content

Learn which user-tested button labels and phrases help people. Copy and edit content examples to suit your needs.

With passkeys, you don’t need to remember complex passwords.

What are passkeys?
Passkeys are encrypted digital keys you create using your fingerprint, face, or screen lock.\

Where are passkeys saved?
Passkeys are saved in your credential manager, so you can sign in on other devices.\

UX Research

Account Settings is the center of gravity for passkeys

Most participants appreciated the option to create a passkey to update their existing account at any point within Account Settings. Most participants described Account Settings as an intuitive and useful place to proactively learn about and update authentication settings.

Associate passkey with familiar concepts

Research indicated that participants sought to understand the nature and value of passkeys, but vague or technical explanations often led to confusion and passkey creation abandonment. Familiar biometric iconography and brief comparisons to familiar technologies were effective at building initial confidence. To strengthen understanding even further, it is important to expand examples beyond biometrics, such as including PINs and device passwords, to show that passkeys can work with multiple secure unlock methods. Providing this broader context helps participants feel more informed and empowered to use this new technology across different devices.

For people who already have a passkey, the passkey cards afford them an unmistakable object in the interface they can later see in their mind, find later in Account Settings, and use to get helpful information about the passkey.

Original messaging still resonates most with users

User experience research in 2025 evaluated two passkey promotion messaging versions to evaluate which effectively builds understanding, trust, and motivation to adopt passkeys. Participants overwhelmingly preferred Version B (the original guideline) where it outperformed Version A across comprehension, trustworthiness, actionability, and confidence (see Spider graph below). Participants preferred version B because it more closely aligned with their mental models for learning about new technology. They reported that Version B’s structured Q&A format made it easier to process and understand the concept of passkeys, especially when encountering it for the first time.

Graph of user testing for create passkey screen.

“I like that it gives you a good, simple description of what it is because unless you had taken the time to explain what they are, before this, I didn't really know what they are. So I never really signed up for it because I was presented with a thing that said, ‘Create Passkey,’ but I didn't know what it was. So that, to me, is really helpful.”

— Research 2025 Phase 3 – Participant 4, Android_

The user research revealed that while Version A’s use of familiar biometric examples such as fingerprint, face, and PIN helped make the idea of passkeys feel approachable, it lacked the depth some participants needed to fully trust the system. Participants appreciated the simplicity of Version A but noted that it left key security questions unanswered, such as how passkeys are stored and protected.

In contrast, Version B’s inclusion of terms like encryption and password manager reassured many participants by reinforcing the security benefits of passkeys. Nevertheless, the research also highlighted that not all participants fully understood terms like password manager and screen lock, suggesting that updated messaging should include explanations or examples to ensure accessibility for all users.

Despite Version B’s stronger performance, the research showed no single message answered all user concerns. Participants emphasized the need for layered education, with opportunities to learn more about topics like authentication choices and data storage before fully adopting passkeys.

Roll-out strategy

Every roll-out of passkeys should make use of this pattern.

Ecosystem

Passkeys might require specific hardware or software support on user's devices. Ensure that users are aware of the compatibility requirements for using passkeys and provide guidance on compatible devices and browsers.
In the native mobile app context, signing in with a passkey differs from the biometric sign-in experience that has existed for many years. Signing in with a passkey requires an additional tap.

Security

DigitalBiz gracefully falls back to an email OTP. The graceful fallback option you choose should match your unique security and business goals. Plan your UX in accordance with your unique security and business needs. The guidelines focus on UX concepts that are unique to FIDO with synced passkeys. You will see various forms of identity proofing and non-FIDO authentication examples throughout these guidelines. The guidelines do not intend to prescribe security guidelines for identity proofing or other non-FIDO authentication mechanisms, as they are unique to each relying party (RP) and based on their own unique business needs and security policy.

Overview​

Add create, view, and manage passkeys in Account Settings​

Outcomes​

Flow​

Flow: schematic​

Flow: video​

Flow: Android prototype​

Flow: iOS prototype​

Content​

UX Research​

Account Settings is the center of gravity for passkeys​

Associate passkey with familiar concepts​

Original messaging still resonates most with users​

Roll-out strategy​

Ecosystem​

Security​

Founding underwriters