FIDO Alliance introduces passkey Design Guidelines to optimize UX

New guidance on how to implement passkeys for optimal user experience have been published by the FIDO Alliance.

FIDO’s Design Guidelines are based on 14 design patterns informed by design research, according to the announcement. They include 10 principles for user experience (UX) and 3 content principles, and additional resources like Figma UI kits and community groups. They are intended to help accelerate the adoption of passkeys by online service providers and their designers, engineers, product managers, content strategists and UX researchers.

The Alliance presented its Design Guidelines in a Wednesday session at Identiverse 2024 in Las Vegas.

“Our research shows consumers and employees are adopting phishing-resistant passkeys at a rapid pace while relying organizations are experiencing cost savings and fewer security incidents,” says Andrew Shikiar, CEO and executive director of the FIDO Alliance. “By continuing our investment in the evolving user experience, the FIDO Alliance is committed to ensuring brands have a consistent and accessible set of guidelines that are fully aligned with design best practices and FIDO technology requirements.”

The guidelines were created by the FIDO UX Working Group, with contributions from 31 brands, in partnership with Blink UX. Support was provided during the process from 1Password, Dashlane, Google, HID, Trusona, U.S. Bank and Yubico.

The FIDO Alliance will hold a series of webinars to explore and explain the details of the Design Guidelines.

Michigan implements passkeys to secure state digital identity

Michigan’s Department of Technology, Management & Budget (DTMB) is reporting success with its decision to implement passkeys to replace passwords for authentication to the state digital identity solution, MiLogin.

MiLogin has 10 million users, and provides access to state government services. In its first six months since implementing passkeys, more than 100,000 user devices have enrolled passkeys, with roughly 18,000 new enrollments monthly.

The state government made the change as part of its Zero Trust Identity strategy. It hoped to improve user experience, reduce help desk dependency and improve security with the change, according to an announcement from FIDO. DTMB considered a proprietary cloud-based Identity-as-a-Service (IDaaS) provider before selecting passkeys, but the proprietary option lacked the necessary interoperability.

DTMB worked with state digital identity systems integration contractor Deloitte to implement passkeys, and reports a decrease in help desk calls of 1,300 calls in a single month. No problems with FIDO-based logins have been reported.

“I am proud that our MiLogin team has brought passwordless authentication to our public digital identities,” says DTMB Chief Security Officer Jayson Cavendish. “Passwordless brings additional protections to our public digital identities, and helps protect our systems from account takeover attempts such as brute force and password spray attacks.”

Bitwarden expands passkeys support

Bitwarden has expanded the availability of mobile passkeys on its password manager. The update ensures the availability of passkeys created on mobile devices and desktops running the Bitwarden browser extension across the user’s devices.

Passkeys have reached general availability for Apple iOS and open beta for Android on Bitwarden Password Manager mobile apps, according to the announcement.

A passkey adoption survey conducted by Bitwarden for World Password Day at the beginning of May indicates that 45 percent of consumers are adopting passkeys, and two out of three say they are more likely to adopt them at home if they are first implemented at their workplace.

Article Topics

access management  |  biometric authentication  |  biometrics  |  cybersecurity  |  FIDO Alliance  |  passkeys  |  passwordless authentication