Do Passkeys Solve the Account Recovery Problem?
You've built login for your application, but what happens when a customer upgrades their phone, loses their device, or otherwise gets locked out of their account? With an increasing number of consumer applications adopting Passkeys, account recovery is still a consideration. This session will show how to accommodate account recovery for passwordless solutions while minimizing account takeover and support overhead. I've tracked dozens of account recovery procedures to learn how everyone from utility companies to crypto startups attempt to re-verify identity when life happens. This talk will look at that research and outline best practices you can use depending on your industry and customer risk profile.
This talk was given at Authenticate 2024.