Here is the revised text in a more sarcastic way with hastags at the beginning:
Hey there, Android users, it’s time to upgrade your authentication game! 🚀
The world of digital security is becoming more critical than ever, and passwords are no longer the go-to option for securing your accounts. Enter the realm of passkeys, the future of authentication that’s taking the internet by storm! 🚀
So, what is a passkey, you ask? A cryptographic credential that replaces passwords, replacing the clunky and insecure process of typing out long strings of characters. 🚀
But wait, there’s more! Passkeys are gaining popularity as the most user-friendly, phishing-resistant, and secure authentication mechanism available. 🚀
Now, let’s talk about the benefits of using passkeys for Android developers. Unlike passwords, passkeys are associated with device unlocking mechanisms, making them the perfect solution for apps and sites that require users to access their accounts with just their phone. 🚀
Using passkeys, your users get a seamless, consistent experience across devices and platforms, saving you time and effort in managing authentication flows. 🚀
But that’s not all! Passkeys also help improve security by not allowing attackers to compromise
Posted by Niharika Arora (X and LinkedIn) – Senior Developer Relations Engineer and Vinisha Athwani – Technical Writer (LinkedIn)
In a world where digital security is becoming increasingly critical, passwords have become a notorious weak link – they’re cumbersome, often insecure, and a source of frustration for users and developers. But there’s good news: passkeys are gaining popularity as the most user-friendly, phishing-resistant, and secure authentication mechanism available. For Android developers, the Credential Manager API helps you guide your users towards using passkeys while ensuring continued support for traditional sign-in mechanisms, such as passwords.
In this blog, we discuss some of the best practices you should follow while encouraging users to transition to passkeys.
Understand authentication with passkeys
Before diving into the recommendations for encouraging the transition to passkeys, here’s an overview of the fundamentals of authentication with passkeys:
- Passkeys: These are cryptographic credentials that replace passwords. Passkeys are associated with device unlocking mechanisms, and are the recommended method of authentication for apps and sites.
- Credential Manager: A Jetpack API that provides a unified API interface for interacting with different types of authentication, including passkeys, passwords, and federated sign-in mechanisms like Sign in with Google.
How do passkeys help your users?
There are several tangible benefits that users experience in apps that allow them to use passkeys to sign in. The highlights of using passkey for users are as follows:
- Improved sign-in experience: Users get the same UI whether they use passwords, passkeys or federated sign-in mechanisms like Sign in with Google.
- Reduced sign-in time: Instead of typing out passwords, users use their phone unlock mechanisms, such as biometrics, resulting in a smooth sign-in experience.
- Improved security: Passkeys use public-key cryptography so that data breaches of service providers don’t result in a compromise of passkey-protected accounts, and are based on industry standard APIs and protocols to ensure they are not subject to phishing attacks. (Read more about syncing and security here).
- Unified experience across devices: With the ability to sync passkeys across devices, users benefit from simplified authentication regardless of the device they’re using.
- No friction due to forgotten passwords!
Underscoring the improved experience with passkeys, we heard from several prominent apps. X observed that login rates improved 2x after adding passkeys to their authentication flows. KAYAK, a travel search engine, observed that the average time it takes their users to sign up and sign in reduced by 50% after they incorporated passkeys into their authentication flows. Zoho, a comprehensive cloud-based software suite focused on security and seamless experiences, achieved 6x faster logins by adopting passkeys in their OneAuth Android app.
What’s in it for you?
When you migrate your app to use passkeys, you’ll be leveraging the Credential Manager API which is the recommended standard for identity and authentication on Android.
Apart from passkeys, the Credential Manager API supports traditional sign-in mechanisms, simplifying the development and maintenance of your authentication flows!
For all of these sign-in mechanisms, Credential Manager offers an integrated bottom-sheet UI, saving you development efforts while offering users a consistent experience.
When should you prompt users to use passkeys?
Now that we’ve established the benefits of passkeys, let’s discuss how you should encourage your users to migrate to passkeys.
The following are a list of UX flows in which you can promote passkeys:
- User account registration: Introduce passkey creation prompts at key moments, such as when your users create their accounts:
- Sign in: We recommend you encourage users to prompt passkeys in the moment after a user signs in with an OTP, password, or other-sign in mechanisms.
- Account recovery: The critical user journey (CUJ) for account recovery is one that historically presents friction to users. Prompting users to adopt passkeys during account recovery is a recommended path. Users who adopt passkeys experience a familiar account recovery experience as during sign-in.
- Password resets: This is the perfect moment to prompt users to create a passkey; after the frustration of a password reset, users are typically more receptive to the convenience and security passkeys offer.
How should you encourage the transition to passkeys?
Encouraging users to transition from passwords to passkeys requires a clear strategy. A few recommended best practices are as follows:
- Clear value proposition: Use simple, user-centric prompts to explain the benefits of passkeys. Use messaging that highlights the benefits for users. Emphasize the following benefits:
- Improved security benefits, such as safety from phishing.
- No need to type out a password.
- Ability to use the same passkey across devices/platforms.
- A consistent authentication experience.
- Provide a seamless user experience:
- Use the unified UI provided by Credential Manager to show all available sign-in options, allowing the user to choose their preferred method without having to remember which one they used last.
- Use the official passkey icon to build user familiarity and create a consistent experience.
- Make sure that users can fall back to their traditional sign-in methods or a recovery method, such as a username and password, if a passkey is not available or if they are using a different device.
- Provide users with clarity about credentials within your app’s Settings UI: Make sure your users understand their authentications options by displaying helpful information about each passkey within your app’s settings. To learn more about adding credentials metadata, see the Credential Manager documentation.
- Educate users: Supplement the messaging to adopt passkeys with in-app educational resources or links that explain passkeys in detail.
- Progressive rollout: Consider a phased rollout to introduce passkeys to a subset of your user base to gather feedback and refine the user experience before a broader launch.
Developer Case Studies
Real-world developer experiences often highlight how small design choices—like when and where to surface a passkey prompt—can significantly influence adoption and user trust. To see this in action, let’s explore how top apps have strategically surfaced passkey prompts at key moments in their apps to drive stronger adoption :
Uber
To accelerate passkeys adoption, Uber is proactively promoting passkeys in various user journeys, alongside marketing strategies.
Uber has shared : “90+% of passkey enrollments come from promoting passkey creation at key moments inside the app as compared to onboarding and authentication CUJs“, underscoring the effectiveness of their proactive strategy.
Key learnings and strategies from their implementation:
- Offer passkeys without disrupting the core user experience: Uber added a new account checkup experience in their account settings to highlight passkey benefits, resulting in high passkey adoption rates.
- Proactively bring passkeys to users: They learned not to wait for users to discover passkeys organically because relying on organic adoption would have been slower despite observed benefits like faster sign-ins and increased login success rates for passkey users.
- Use additional mediums to promote passkeys: Uber is also experimenting to promote passkeys through email campaigns or banners on a user’s account screen to highlight the new sign-in method, making their next sign-in easier and more secure.
- Respect your user’s choice: Recognizing that not all users are ready for passkeys, Uber implemented backoff logic in critical flows as sign in, signup screens and, in some contexts, offers passkeys alongside other familiar authentication methods.
Here’s what Uber has to say:
At Uber, we’ve seen users who adopt passkeys enjoy a faster, more seamless, and more secure login experience. To help more users benefit from passkeys, we’ve added nudges to create a passkey at key moments in the user experience: account settings, signup, and login. These proactive outreaches have significantly accelerated our passkey adoption. Ryan O’Laughlin Senior Software Engineer, Uber
Economic Times
Economic Times, part of the Times Internet ecosystem, used a seamless user experience as the primary motivation for users to transition to passkeys.
After introducing targeted nudges, Economic Times observed ~10% improvements in passkey creation completion rate within the initial rollout period.
Key learnings and strategies from their implementation:
- Strategic passkey generation prompts: Initially, Economic Times was aggressively prompting passkey creation in multiple user flows, but it was observed that this approach disrupted business-critical journeys such as subscription purchases or unlocking premium features and was leading to abandoned carts.
- Refined approach: Economic Times made a deliberate decision to remove passkey generation prompts from sensitive flows (such as the subscription checkout flow) to prioritize immediate action completion.
- Targeted prompts: They strategically maintained passkey generation in areas where user intent to sign-in or manage authentication is high, such as initial sign-up flows, explicit sign in pages, or account management sections.
- Positive outcome: This refined deployment resulted in improved passkey generation numbers, indicating strong user adoption, without compromising user experience in critical business flows.
Conclusion
Integrating passkeys with Android’s Credential Manager isn’t just about adopting new technology; it’s about building a fundamentally more secure, convenient, and delightful experience for your users. By focusing on intelligent passkey introduction, you’re not just securing accounts–you’re building trust and future-proofing your application’s authentication strategy.
To provide your users the best, optimized and seamless experience, follow the UX guidelines while implementing passkeys authentication with Credential Manager. Check out the docs today!
