Skip to main content

Passkey Creation after Hybrid Login

This approach uses the operating system’s built-in hybrid transport functionality (part of the CTAP 2 specification) for secure cross-device authentication. Passkey Intelligence automatically determines when to offer QR code login based on detecting that the user has a passkey on their mobile device.
Security Requirements: Both devices must have internet connectivity and Bluetooth enabled for cross-device authentication to work. This dual-channel approach (QR code for initial pairing + Bluetooth proximity verification) is a critical phishing protection mechanism built into passkeys.
  • macOS
  • Windows
append-after-hybrid-macos.png

macOS passkey append after hybrid login

1

User enters identifier

  • User enters their identifier (email/username) on the login page in text field.
  • System now knows which user account is attempting to log in.
2

Passkey Intelligence determines cross-device authentication is available

  • The system uses Passkey Intelligence to analyze the user’s passkey availability.
  • It automatically detects that this user has a passkey stored on their mobile device.
  • Based on this intelligence, the system prepares to offer cross-device authentication via QR code.
3

OS displays QR code screen

  • The operating system displays a screen preparing the user for cross-device authentication.
  • The operating system generates a QR code for secure pairing.
  • Requirements: Both devices must have internet and Bluetooth enabled.
4

User scans QR and authenticates

  • User scans the QR code using their mobile device where the passkey is stored.
  • Bluetooth proximity check: The OS verifies both devices are physically close (phishing protection).
  • The mobile device performs biometric or PIN authentication.
5

Login completes on current device & passkey append initiates

  • Authentication response is securely sent back via the internet connection to complete login on the current device.
  • User is granted access on the current device.
  • After successful cross device authentication, user is asked to create a passkey on the current device.
6

OS-native biometric modal appears

  • User chooses and continues to set up a passkey using fingerprint, face, or PIN for secure sign-in.
7

Passkey creation successful

  • User successfully creates a passkey and it is now linked with the user account for the respective web-app.
8

Redirection to app dashboard

  • User is redirected to the app dashboard.
I