Scope of Work After Initial Launch Gradually Adopt Passkeys
After initial launch, you need to maintain and expand passkey use. This page presents variables to consider as you examine the scope of work required after initial launch of implementation of support for passkeys.
The initial launch is the moment in time when a service provider first makes passkeys available to users.
Team
After initial launch, your organization can work on passkeys as part of the code base for your service and treat passkeys like any other area of the service. Product managers should determine the priority of additional work on passkeys in relation to other requirements from the organization.
Team structure
There are no changes to the team structure after initial launch.
Supported use cases
After initial launch, your organization can consider supporting additional use cases. The use cases you choose to support next should be tailored to your organization's unique business needs.
For example, if there is a business need to reduce costs associated with using SMS text messaging for purposes of authentication, then you can consider supporting the Deprecate SMS OTP use case.
If there is a business need to migrate users from your website to your mobile app, then you can consider supporting the Use passkeys created on web to sign in to mobile app use case.
Examples of additional use cases:
| Description | Use case |
|---|---|
| Allow users to create a passkey instead of or in addition to a new password during account recovery | Create a passkey during account recovery due to forgot password |
| Allow users to sign in on a device that does not have a passkey (laptop/desktop) using a second device that does (mobile device) | Cross-device sign-in |
| Allow users to create a passkey to replace password plus SMS OTP authentication | Deprecate SMS OTP |
| Introduce and educate users about passkeys with a priming email that is clear and concise to promote adoption | Introduce passkeys in email and other communications |
| Learn how to properly set up the management UI for passkeys | Passkey management UI: best practices for combining all passkey types |
| Allow users to create new accounts with a passkey (no password) | New account creation with a passkey |
| Allow users to remove a passkey from their Account Settings | Remove passkeys from Account Settings |
| Allow users to use the same passkey to sign in to their accounts across websites and native mobile apps | Use passkeys created on web to sign in to mobile app |
| Allow users to sign in with security keys as a second factor after entering a username and password | Awareness of passkeys on security keys |
| Allow users to enroll security keys as a second factor and enroll additional keys (immediately or at a later time), for account recovery | Enroll passkeys on security keys |
| Allow users to view, add, rename, and remove security keys | Manage passkeys on security keys |
| Allow users to sign in with security keys as a second factor after entering a username and password | Sign in with passkeys on security keys |
Supported passkey types
There are two types of passkeys, synced and device-bound. While the initial launch of passkeys supports both, you should implement the Passkey management UI best practices for combining all passkey types if you have not already.
Supported operating systems
Your product managers should determine the priority of supporting passkeys on additional operating systems. You can monitor the Device Support page on passkeys.dev to identify supported operating systems and browsers.
Supported regions and languages
Your product managers should determine priority to add support for passkeys in additional regions and languages.
Password strategy
You might choose to continue using passwords for some number of years after launch. It is common for organizations to begin plans to remove passwords as an authentication method in the years after initial launch. To learn more about what this entails, refer to the The Future of Passkeys or watch Watch Matthias Keller from KAYAK outline why KAYAK uses passkeys and removed passwords from their services in this video segment from UX Webinar Series: Drive Revenue and Decrease Costs with Passkeys for Consumer Authentication.
Baseline metrics
After the initial launch, organizations typically document and analyze passkey usage metrics each month. You can learn more about passkey metrics and use the Authentication Method Inventory, Costs, and User Experience Analysis Worksheet as a guide in this process. It is also helpful to define a plan to support users during their journey to passkey adoption. For example, plan to field inbound requests for help with passkeys.
