Passkey Signup Authentication
Passkeys provide a secure, passwordless authentication method that can be used to create wallets for your users without going through email verification flows. You can implement passkey signup with or without an associated email address.
If you create a passkey without an email associated with the user, you risk your users losing access to their wallets if they lose their device.
Recommended security practice: Proxy authentication requests to your backend server to enforce additional security measures:
- When a user attempts to sign up with both passkey and email, you can first require email verification before allowing the passkey to be created
- Alternatively, you can restrict initial signup to email-based methods only (which inherently verify email ownership), then allow users to add passkeys after their account is established
- This approach gives you greater control over the authentication flow and helps prevent account recovery issues
By implementing server-side verification, you ensure that passkeys are only created for verified identities, reducing the risk of permanent access loss.
You can implement Passkey Signup authentication in two ways:
- Pre-built UI Components - Quick implementation with minimal code
- Custom UI - Complete control over the user experience
Pre-built UI Components
Account Kit provides pre-built UI components that handle the entire Passkey Signup authentication flow with minimal code.
Step 1: Add Authentication Components to Your Page
Before configuring your authentication, first add one of the pre-built components to your application:
Using Modal Authentication
To add authentication in a modal popup:
For more details on modal configuration, see the Modal Authentication documentation.
Or:
Using Embedded Authentication
To embed authentication directly in your page:
For more details on embedded authentication, see the Embedded Authentication documentation.
Step 2: Configure Passkey Signup in UI Components
After adding the components, configure the Passkey Signup authentication in your application config:
Passkey signup configuration accepts the following options:
You can find the full type definition in the Account Kit source code.
The key configuration option for passkey signup is addPasskeyOnSignup: true
, which will prompt users to create a passkey after they sign up with another method (like email).
For more details on UI component customization, see the UI Components documentation.
Custom UI
If you need complete control over the user experience, you can implement your own custom UI for Passkey Signup authentication using Account Kit hooks.
Option 1: Passkey Signup with Email (Recommended)
This approach associates an email with the passkey, allowing users to recover their account if they lose access to their device.
It’s important that you validate the email before creating an account for the user. This is to prevent users from losing access to their wallets if they lose their device.
Option 2: Passkey Signup without Email
This approach creates a passkey without an associated email. Use this only if you have another recovery mechanism in place.
Step 3: Track Authentication Status
Use the useSignerStatus
hook to determine if the user is authenticated: