Support legacy browsers
Most modern browsers now support passkeys, but not all do. Unfortunately for browsers that don't support passkeys you may need a fallback mechanism. You can use any other form of authentication, passwords, social login or email/sms delivery of one time codes. We recommend one time links/codes.
We're planning to add secure, one time codes to the Passlock platform. Subscribe to our newsletter to find out when this feature is released (it's coming soon).
Why one time codes?
Firstly you'll probably want to verify the mailbox ownership anyway.
Secondly, if you were to go down the route of using passwords as a fallback, you'll be exposed to all the issues associated with password based authentication, including:
- Phishing
- Credential stuffing
- Dictionary / rainbow table attacks
There is one additional requirement that needs to be met if you want users to be able to login using a passkey or email one time code: They must first verify their email address using the same device used for passkey registration. Read more about our email verification mechanism and the security behind it.