When should we propose passkey enrollment?
Recommendation
After successful login, after successful recovery, and in account settings.
Context
Following ADR-001's decision against forced enrollment, we need specific, well-timed moments to offer passkeys so adoption still grows meaningfully over time.
Options considered
-
Prompt at signup only
Show the enrollment prompt once, during initial account creation.
-
Prompt at three trust moments
Surface enrollment after successful login, after successful recovery, and as a persistent option in account settings.
-
Passive settings-only
Only make passkey enrollment available in account settings, with no active prompting.
Rationale
Each of the three chosen moments corresponds to a point where the member already trusts the product and has a concrete reason to act: login confirms the product works, recovery highlights the exact pain passkeys solve, and settings serves members who want control on their own schedule. This is detailed in [Progressive passkey enrollment](/patterns/progressive-passkey-enrollment) and [Recovery as passkey trigger](/patterns/recovery-as-passkey-trigger).
Risks
- Over-prompting could feel repetitive if frequency isn't capped per session.
- Members without biometric-capable devices will see the prompt but can't act on it — copy must handle this gracefully.