Why do we need fallback options?
Fallback options are crucial for a few key reasons:- Device compatibility: Despite a growing number of devices being passkey-ready (as detailed in our analysis and state of passkeys for compatibility), there will always be users with devices that do not support this technology.
- User preference: Some users might choose not to use passkeys, even on compatible devices, due to personal preferences or specific requirements.
- Inclusivity: Providing diverse login methods ensures that every user, regardless of their device or preference, has access to a secure and convenient way to log in.
What fallback options are commonly used?
Applications typically combine passkeys with one or more of the following fallback methods, depending on their security requirements and user base:- Passwordless fallbacks:
- Email magic links
- Email one-time passcodes (OTPs)
- SMS OTPs
- Social logins (e.g. Google, Microsoft, GitHub)
- Password-based fallback: Traditional password authentication remains a common fallback when layering passkeys on top of an existing identity provider, e.g. via Corbado Connect.
How does Corbado handle fallbacks?
Corbado employs a ‘passkey-first’ principle, which prioritizes passkey logins whenever feasible:- Promoting passkey logins: When a user has the option, passkey login is presented as the primary authentication method.
- Sophisticated passkey intelligence and detection: Our system intelligently detects the passkey-readiness of different users on various devices.
- Seamless transition to alternatives: If our system determines that passkeys are not a viable option, it smoothly transitions to offering alternative methods.