OnlyFans Introduces Passkeys

In a move aligning with modern authentication trends, OnlyFans recently incorporated passkeys into their login methods like many other big tech companies did recently, e.g. TikTok, Nintendo or Uber. While doing so, they've taken a hybrid approach: traditional passwords remain mandatory for sign-up, meaning the platform hasn't fully transitioned to a passwordless system yet.

• Setting up Passkeys: Users can integrate passkeys via their account settings. The option to create and label distinct passkeys is available, enhancing user convenience.
• Device Limitations: An important note for developers is that one cannot create multiple passkeys for a single device. However, the interface still prompts users to scan their biometrics (e.g. via Face ID or Touch ID) and then fails if a passkey already exists for this device this is room for improvement as an intelligent passkey detection management system can prevent this.
• Terminology Nuances: An interesting observation is OnlyFans' deliberate avoidance of the term passkeys. Instead, they've opted for Passwordless sign in, presumably for clearer communication with their user base, which might not be too familiar with passkeys yet.
• Platform Compatibility: The passkey feature is commendably versatile, compatible across diverse platforms like iOS, Android, and Windows.
• User Experience Challenges: A notable UX challenge emerges when users attempt to login with their email addresses. Since passkey-based login requires the username, contrary to traditional password-based authentication, where users can use their email address. This could lead to initial confusion.
• Passkey Management: The platform's current system displays only the name of the passkey, which they term as "devices". This can be slightly misleading, especially when users have synchronized passkeys across devices using services like iCloud Keychain, Google Password Manager or via a modern password manager (e.g. 1Password or Dashlane).
• No Conditional UI: Conditional UI ("passkey autofill") is not implemented, which leaves room for further improvement of the UX.

From a strategic standpoint, OnlyFans' decision to incorporate passkeys seems well-thought-out. A significant proportion of their users access the platform via mobile devices. Given the inherent passkey-readiness of these devices, as shown in our latest survey about passkey-readiness, this decision capitalizes on existing user behavior.

Furthermore, the absence of a native OnlyFans app (with the exception of the content-limited OFTV app) implies users may frequently need to log into the web app to access content. Introducing passkeys can expedite this process, potentially improving user retention and enhancing the overall user experience, which ultimately leads to higher user engagement and more revenue.

Incorporating modern authentication methods while maintaining user familiarity is a challenge, and OnlyFans' recent changes offer valuable insights. By analyzing such implementations, developers and product managers can derive key takeaways for their own platforms. Join our passkeys community to stay up to date about the latest passkey developments.