TLDR;
Shopify wants to replace email and SMS verification
Why?
→ It’s expensive and too much work for users
→ Usernames and passwords are unsecure
→ Passkeys are mainstream
🔑 WTF is a Passkey?
You could watch this 4 minute explanation by Google or we can summarize it for you here.
Passkeys just use your device to authenticate you for what you’re trying to login to.
Think of using your pin, thumbprint, or login pattern to also login to web apps.
🔧 Cool story, how do we make a passkey?
Looks like a complicated diagram. Here’s the simpler flow.
Someone wants to login to websites using their device and makes a request to setup a passkey.
The server tells the user to verify saving a passkey for the webapp
User signs in with their login device and sends that success message to the server
Now users can login to the website with their “passkey” anytime they want.
💡 I have a passkey, how do I use it?
Anytime you verify with your device, you’ll send a request to the website with the verification to the server.
The server will tell you if the passkey verification is valid or not and log you in (or not).
📆 Passkeys on one device sounds annoying
Yeah, it’s pretty annoying. If you’re browsing on multiple devices like a tablet + phone + desktop, you can still choose to authenticate with just your phone.
It’ll take some bluetooth which sounds like verifying with SMS again.
Or could always register another passkey on that new device.
Either way, it’s at least better than using the same password to login to everything.
💰 HELP WANTED
This newsletter has grown to 5000+ AMAZING READERS. It’s grown to a scale that a single person can’t maintain all of it on their own.
If you’re interested in being a byte-sized design writer, apply here!
📝 Official Article
(Links to official article and sources are available to paid subscribers. They help maintain and support this newsletter!)
Keep reading with a 7-day free trial
Subscribe to Byte-Sized Design to keep reading this post and get 7 days of free access to the full post archives.