When considering the integration of passkeys into your authentication flow, one of the key decisions is whether to use passkeys as a primary authentication method or as a second factor (2FA).

Primary Factor (Passwordless)

By using passkeys as the primary factor, you effectively replace the password field in your login form. This provides a frictionless, passwordless experience for your users, relying on secure, biometrically-enabled authentication like fingerprint or face recognition. This approach:

  • Enhances security by eliminating passwords, which are a common attack vector.
  • Simplifies the user experience, making authentication almost invisible to the user.
  • Requires minimal change in your UI but represents a fundamental shift in user authentication management.

If implemented as a primary factor, passkeys offer 2FA by default: the passkey is tied to the user’s device (something the user has), and using it requires the biometric check or device unlock that confirms the user’s identity (something the user is or knows). However, adopting this model means eliminating passwords entirely from your process, which may require more consideration from an organizational change perspective.

Second Factor (2FA)

Alternatively, you can use passkeys as a second factor in combination with an existing password. In this scenario, users will first enter their password, and then verify their identity using a passkey, instead of receiving a traditional SMS OTP or TOTP from an authenticator app.

This approach allows you to:

  • Increase security without completely changing your existing password-based system.
  • Offer users a modern authentication method that is more secure than SMS-based or authenticator-based 2FA.
  • Gradually transition to a passwordless future by first integrating passkeys alongside your current process.

With Corbado Connect, both of these approaches are supported, and you can decide which method works best for your system architecture and user base.

Tip: Using passkeys as a primary factor is generally more user-friendly, while using them as a second factor allows for a more gradual integration.
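
On the server, the two modes differ in which flags you require in the WebAuthn authenticator data that accompanies a passkey login. The sketch below is an added example, not Corbado's code: the per-mode policy, the function names and the relying-party ID `login.example.test` are assumptions, and it covers only the header check (signature, challenge and origin verification are not shown).

```python
import hashlib
import hmac
import struct

FLAG_UP = 0x01  # bit 0: user present (touch / confirmation)
FLAG_UV = 0x04  # bit 2: user verified (biometric or device PIN)


def parse_authenticator_data(auth_data: bytes) -> dict:
    """Split the fixed 37-byte header: rpIdHash(32) | flags(1) | signCount(4)."""
    if len(auth_data) < 37:
        raise ValueError("authenticatorData shorter than 37 bytes")
    flags, sign_count = struct.unpack(">BI", auth_data[32:37])
    return {
        "rp_id_hash": auth_data[:32],
        "user_present": bool(flags & FLAG_UP),
        "user_verified": bool(flags & FLAG_UV),
        "sign_count": sign_count,
    }


def passkey_policy_ok(auth_data: bytes, rp_id: str, mode: str) -> bool:
    """Per-mode policy (an assumption of this example, not a product default).

    "primary":       the passkey replaces the password, so require UP and UV;
                     without UV the login proves possession of the device only.
    "second_factor": the password was already checked, so UP is sufficient.
    """
    if mode not in ("primary", "second_factor"):
        raise ValueError("unknown mode: " + mode)
    parsed = parse_authenticator_data(auth_data)
    expected = hashlib.sha256(rp_id.encode("utf-8")).digest()
    if not hmac.compare_digest(parsed["rp_id_hash"], expected):
        return False  # assertion was produced for a different relying party
    if not parsed["user_present"]:
        return False
    return parsed["user_verified"] if mode == "primary" else True


def make_sample(rp_id: str, flags: int, sign_count: int = 1) -> bytes:
    """Constructed sample header, not captured from a real authenticator."""
    digest = hashlib.sha256(rp_id.encode("utf-8")).digest()
    return digest + struct.pack(">BI", flags, sign_count)


if __name__ == "__main__":
    rp = "login.example.test"  # constructed relying-party ID
    touch_only = make_sample(rp, FLAG_UP)
    for mode in ("primary", "second_factor"):
        print(mode, passkey_policy_ok(touch_only, rp, mode))
```

To have the authenticator perform user verification in the first place, the relying party sets `userVerification` to `"required"` in the WebAuthn request options; the server-side flag check is what enforces it.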

Next, let’s move on to the Integration section.