📄️ Biometrics
Passkey private keys are protected by the device on which they reside, typically in a hardware security module. When requesting passkey authentication you can also tell the device that it should verify the user locally, a process known as user verification. Devices will typically verify the user using biometrics, although this isn't guaranteed.
📄️ Support legacy browsers
Most modern browsers now support passkeys, but not all do. Unfortunately for browsers that don't support passkeys you may need a fallback mechanism. You can use any other form of authentication, passwords, social login or email/sms delivery of one time codes. We recommend one time links/codes.
📄️ Support legacy users
Not every developer has the luxury of a greenfield project. Most likely you have existing users who authenticate using username & password or social login. You'll need to consider how best to support those users. There are several approaches, each with their own benefits and drawbacks.
📄️ Verify email ownership
Passlock can handle the routine task of verifying email ownership by sending a verification link or code.