Skip to main content

Scope of Work for Initial Launch to Gradually Adopt Passkeys

This page covers the scope of initial launch for the Roll-Out Guide - Gradually Adopt Passkeys. Use this information to help determine the scope of your initial launch.

You can compare the scope of work needed for initial launch for each strategy by referring to Compare the FIDO Passkey Roll-Out Strategies.

info

The initial launch is the moment in time when a service provider first makes passkeys available to customers.

Team

For each passkey roll-out strategy there is a core team and an extended team of additional stakeholders. The core team focuses much of their work on passkeys for a number of months or sprints and typically consists of the following individuals:

  • Engineers (1-3 people)
  • Product manager (1 person)
  • People from a solutions provider (vendor) (2+ people)
  • User experience designer, researcher or content strategist (1 person)

For many organizations, the individuals in these roles work together often, which further helps to simplify this roll-out strategy.

Consider consulting an extended team of additional stakeholders at major milestones in the project. They do not focus on passkeys day to day. Additional stakeholders might include:

  • Project leader, who might be part of the core team
  • Chief Technology Officer (CTO)
  • Chief Product Officer (CPO)
  • Chief Marketing Officer (CMO)
  • Chief Information Security Officer (CISO)
  • Data analyst
  • Security analyst
  • Third-party research analyst
  • IT architect
  • Solutions architect
  • An individual from your legal team
  • An individual from your risk or fraud team

Supported use cases

This guide purposely limits the scope of the initial launch by including support for passkeys on a single domain.

Supported passkey types

Both roll-out strategies support synced and device-bound passkeys.

Supported use case

Start with the single most important authentication use case for your organization. For many organizations this is authentication for a native mobile app.

Supported operating systems

To purposely limit the scope of the initial launch, you can initially support only one operating system on initial launch and expand support to other operating systems later.

Supported regions and languages

To minimize the scope of this roll-out strategy you can plan to support passkeys for a single region with a single language.

Password strategy

With this roll-out strategy there are no changes to password use upon initial launch. For example, new accounts are created the same way you create them today, likely with passwords. Additionally, existing customers who create a passkey still have the option to use their password to sign in.

note

In June of 2024 Apple announced Automatic passkey upgrades.

When a user signs in on iOS18+, and already has a username and password available for autofill to the online service’s app or web page, the online service can request that a passkey be automatically created. The online service can silently register the passkey for the user without bothering users with an explicit passkey registration flow.

On subsequent sign-ins the user can be offered the more convenient passkey autofill rather than the password autofill they had set up. This is an important feature for online services to leverage since users often ignore promotions that offer passkey registration flows, since they are busy with other tasks. This optimization of password upgrade removes that registration burden from the user.