Pattern 02
Passwordless-first, not passwordless-only
Present passkeys or magic links as the default, fastest path, while keeping password sign-in available as an equal, unhidden fallback.
Problem
Removing passwords entirely locks out users on unsupported devices, shared browsers, or platforms without biometric hardware — and removes the fallback recovery still depends on.
Recommendation
Present passkeys or magic links as the default, fastest path, while keeping password sign-in available as an equal, unhidden fallback.
UX impact
Fast users get a one-tap experience; everyone else isn't stranded with no visible way to sign in.
Security impact
Keeps a harmonized password policy as a safety net while the passkey base grows, avoiding a hard cutover that support teams can't yet handle at scale.
Implementation notes
Surface the fallback as a text link, not a buried menu; track method usage to decide when passwordless can graduate from 'first' to closer to 'only'.