How to transition existing, password-based users to passkeys

Efficiently managing the login process for existing users is crucial for any successful online platform. Corbado offers a streamlined login flow that introduces passwordless, passkey-first logins to these existing users to facilitate passkey transition. Users enter their email address, and Corbado's product intelligence checks if the user already exists. Users with passwords can use passwords to log in or make use of passwordless email magic links. After any of these logins, user can opt-in to create a passkey. Once created, passkeys become the preferred login method. This optimization enhances security and user experience, boosting satisfaction and trust.

Passkeys as innovative login method enhance security while eliminating the need for users to remember complex passwords. However, 99% of all systems today already have users who log in with passwords and implementing passkeys in these systems has been extremely complex so far. At Corbado, we've addressed this challenge: to ensure a seamless experience for already registered users, we have developed a login flow that not only simplifies the process but also introduces an approach that we call passkey-first logins. The detection logic is included out-of-the-box in the our web component and does not need to be customized.

Overview of process

Prerequisites

For the following process to work and be displayed, you must set up webhooks first as described here.

1. Simplified Login Process for Existing Users

When it comes to existing users accessing your platform, simplifying the login procedure is of utmost importance. With Corbados solution, users are only required to enter their email address and click the "Continue" button. It is explicitly checked whether the email address already exists in the customer's backend. Additionally, Corbado checks which login methods exist for the user and which are technically possible.

2. Login with Password or Email Magic Link

For users who previously had a password and not yet a passkey, an option to log in with the password or via email magic link will be presented. Of course, if the user logs in with a password, it will be checked if it is correct. Moreover, a passwordless login option (like email magic links) can significantly enhance convenience, as this method eliminates the need for users to remember complex passwords, reducing the risk of forgotten passwords and thus login abundance rates. With a click on the email magic link, users can securely access their accounts, enhancing their overall login experience.

3. Enhancing Security with Passkeys

After successfully logging in using either a password or an email magic link, Corbados web component checks whether the user's device supports passkeys. If compatible, users are asked if they want to create a passkey. By introducing passkeys, your website / app can provide an additional layer of security, mitigating the risks associated with password-based authentication methods, while tremendously simplifying the login experience.

4. Passkeys as the Preferred Login Method

Once a passkey has been created, it becomes the preferred method for user login (passkey-first authentication). Going forward, users will primarily use their passkeys, relegating passwords and email magic links to secondary fallback options. This shift to passkey-based login simplifies the login process and places an emphasis on security. Users can enjoy a seamless login experience, knowing that their accounts are protected by an advanced authentication mechanism. New users no longer create a password at all but register passwordless with a passkey or EML.

To sum it up:

So far, it has been extremely complex to implement passkeys in systems with existing password-using users. Corbado can now help you smoothly convert users to passkeys to leverage their benefits: By optimizing the login process for existing users through the integration of webhooks, the implementation of passwordless login options, and the adoption of passkeys, your platform can offer an elevated level of account security while providing a user-friendly experience. Simplifying the login flow, eliminating the need for passwords, and prioritizing passkeys empower users to securely access their accounts with ease. Prioritizing these strategies will not only enhance user satisfaction but also bolster their trust in the security measures of your platform.

Passkeys are the most efficient and effective authentication method available. If you want to offer passkeys to your existing users today, try Corbado's solution for free. With our passkeys-as-a-service offering, we address challenges that arise with the implementation, such as integrating passkeys into existing systems.