Passkeys are a safer and more convenient replacement for passwords. With passkeys, users can sign in to apps and websites using biometrics (such as a fingerprint or facial recognition), PIN, or pattern. This provides a seamless sign-in experience, freeing your users from having to remember usernames or passwords.
Keep in mind the following considerations when using passkeys:
- Introduce passkeys at the right moment to help users stay engaged and adopt this new sign-in method.
- Make passkeys the default option to help users adopt the simplest and safest sign-in method.
- Keep information about passkeys consistent throughout the product to help users learn about passkeys.
- Use the passkey icon to create a consistent understanding and login experience.
- Use the Credential Manager API to implement passkeys in your app.
- Use the Credential Manager API to consolidate sign-in options (passkeys, passwords, and federated sign-in solutions). There is no need to list all sign-in options up front.
- Give your users an opportunity to create a passkey after sign-in with a password or other options.
Account creation and login can be a major source of confusion and app abandonment. Provide a simple and cohesive authentication experience for your users. Credential Manager is a Jetpack API that supports multiple sign-in methods, such as username and password, passkeys, and federated sign-in solutions (such as Sign in with Google), in a single API. This unifies the sign-in interface across authentication methods, making it clearer and easier for users to sign in to apps, regardless of the method they choose.
Your app's authentication and account management user flows can include passkeys for a simpler and more secure experience.
Authentication flows typically consist of the following elements:
- Login screen
- Sign-up screens
- Account recovery
- Account settings
Create these screens so that users can create an account and log in to it.
Use progressive disclosure for account creation, and divide the flow into multiple steps. Create steps no smaller than two to three items per screen, since users are more likely to abandon sign-up with too many steps. Minimize the amount of information you gather during sign-up. Be mindful of your users' privacy by allowing them to optionally fill in information later. When creating an account with a password, avoid overly complicated password requirements.
The Credential Manager API provides the passkey UI, as bottom sheet components, for multiple passkey and sign-in options.
Learn more about how to support Credential Manager in your app to sign up users.
Passkey user journeys
In your app, passkeys should account for the following user experiences.
Create and save a passkey
We recommend promoting passkeys in the following ways:
- For new accounts, promote passkeys during account creation.
- For existing accounts, promote passkeys during account recovery and after signing in.
- Promote passkeys in the account settings, as users are already in the account management mindset.
When prompting passkey creation, ensure that the prompt content is consistent across all surfaces of the product.
The account creation moment
When users are creating a new account, they are already thinking about how they will sign in to that account in the future. This is a good opportunity to introduce them to passkeys and explain how they can use passkeys to sign in faster.
Make passkeys the default option for account creation
When users create a new account, make passkeys the default option over passwords. However, offer users a fallback option if they dismiss the passkey creation screen. This helps users who want to use another sign-in option to still create an account. For first-time users, Credential Manager displays a passkey education screen. To help them learn more, consider adding a link to learn more about passkeys on either the sign-up screen or fallback screen.
Provide users with a way to sign in without creating a passkey if they dismiss the passkey creation screen. On the fallback option page, continuously display the passkey option in case of error or accidental dismissal.
Communicate to users the status of account and passkey creation
Keep users informed about what's going on during account creation. This increases user confidence in passkeys and the product as a whole.
The account recovery moment
Users who have tried to recover their accounts using their old password and failed may be more likely to adopt passkeys.
Prompt users to create a passkey when they reset their password
Encourage users to create a passkey when they try to reset their password. Consider prompting users to create a passkey for other account recovery use cases.
Explain to users the benefits of passkeys in the account recovery screen. Include the passkey icon to increase familiarity with the method throughout the passkey creation flow.
Prompt users to create a passkey at the end of password reset as users may find it time-consuming to create and save a new password.
Guide users on how to fix a problem with their passkey
When users request help to fix a problem with their passkey, add troubleshooting steps or link to our help center article.
Add a button or link that users can use to find tips or troubleshoot problems with their passkey.
The moment immediately after signing in
Users may have difficulty remembering their passwords when signing in. Help them save time and frustration by encouraging them to create a passkey immediately after signing in with a password or other options.
Display a passkey prompt immediately after signing in with a password or other options.
The account management moment
For existing accounts with passwords or other sign-in methods, display a passkey prompt in the account settings to help users upgrade to a passkey. Ensure that the user is not creating duplicate passkeys for the same username in the same password manager.
Sign in with a saved credential
Users can initiate a sign-in flow by tapping a sign-in button. The Credential Manager's account selector then appears. Users can select an account to sign in with, and then unlock the screen to verify. If they don't have a saved credential or don't want to select one, they can dismiss the account selector and sign in by typing a password or using other traditional sign-in methods.
Credential Manager brings together passkeys and traditional sign-in methods such as passwords and "Sign in with Google". On devices with Android 13 or lower, passkeys and passwords are saved and retrieved from Google Password Manager. That way, if a user loses their Android-powered device, they can always restore their passkeys on another Android-powered device by signing in with their Google Account. On Android 14 and higher, we support all enabled credential providers on a given user's device for storage and retrieval of credentials. The Android system aggregates credentials from different providers, and presents them to the users in a bottom sheet.
- One account from Google Password Manager
- Three accounts from multiple providers
Combine all supported sign-in methods when interacting with the Credential Manager.
Simple experience with consolidated sign-in methods
Credential Manager makes the sign-in experience simpler by consolidating the sign-in methods for each account and surfacing the safest and simplest authentication method. For example, if the user has both a password and a passkey for their account, the system proposes using the passkey, the safest and simplest option.
Our users may use multiple password managers to sign in to apps, which means they might have multiple saved passkeys under the same username for the same service. In this case, we organize them by last-used time and display one in the sign-in screen. However, if the user prefers to use a different method, they can tap on "Sign-in options" in the sign-in screen to choose an alternative option.
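The consolidated sign-in request and the dismissal fallback described above, as an added Kotlin sketch that is not code from the original page. `SignInOutcome`, `signInWithSavedCredential` and the `requestJson` parameter are hypothetical names; `requestJson` is assumed to be the WebAuthn request options (including a fresh challenge) issued by your server. The federated option is left out because it ships in a separate library.

```kotlin
import android.content.Context
import androidx.credentials.CredentialManager
import androidx.credentials.GetCredentialRequest
import androidx.credentials.GetPasswordOption
import androidx.credentials.GetPublicKeyCredentialOption
import androidx.credentials.PasswordCredential
import androidx.credentials.PublicKeyCredential
import androidx.credentials.exceptions.GetCredentialCancellationException
import androidx.credentials.exceptions.GetCredentialException
import androidx.credentials.exceptions.NoCredentialException

// Hypothetical result type for this example.
sealed interface SignInOutcome {
    data class Passkey(val authenticationResponseJson: String) : SignInOutcome
    data class Password(val username: String, val password: String) : SignInOutcome
    object ShowManualSignIn : SignInOutcome
    data class Failed(val cause: GetCredentialException) : SignInOutcome
}

// Pass an Activity context: the account selector bottom sheet needs one to be shown.
suspend fun signInWithSavedCredential(
    activityContext: Context,
    requestJson: String, // assumption: WebAuthn request options JSON from your server
): SignInOutcome {
    val credentialManager = CredentialManager.create(activityContext)
    // One request carries every supported method; the system UI consolidates
    // them per account, so the app does not list the options itself.
    val request = GetCredentialRequest(
        listOf(GetPublicKeyCredentialOption(requestJson), GetPasswordOption())
    )
    return try {
        when (val credential = credentialManager.getCredential(activityContext, request).credential) {
            // The signed assertion must be verified by the server, never on the device.
            is PublicKeyCredential -> SignInOutcome.Passkey(credential.authenticationResponseJson)
            is PasswordCredential -> SignInOutcome.Password(credential.id, credential.password)
            else -> SignInOutcome.ShowManualSignIn
        }
    } catch (e: GetCredentialCancellationException) {
        SignInOutcome.ShowManualSignIn // user dismissed the account selector
    } catch (e: NoCredentialException) {
        SignInOutcome.ShowManualSignIn // nothing saved for this app yet
    } catch (e: GetCredentialException) {
        SignInOutcome.Failed(e)
    }
}
```

Treat `ShowManualSignIn` as the cue to show the traditional sign-in form, and send the `Passkey` JSON to the server for signature and challenge verification before creating a session.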
Manage saved credentials in the app's settings
- Before creating a passkey
- After creating one passkey
- After creating multiple passkeys
Make passkey information simple to scan and understand
Unlike passwords, which are tangible combinations of letters, numbers, and symbols, passkeys are largely invisible to people. To help users understand which passkey is being referenced in a settings UI, it is important to display meaningful content about a single passkey, such as the passkey icon, device name, last time used, and buttons to manage it.
Provide an email or phone fallback so that users can recover their account if revoking a passkey leaves them without any sign-in method for this service.
Consider displaying the passkey prompt again if users revoke all of their passkeys.