OnlyFans Introduces Passkeys

Introduction: OnlyFans Passkey Login#

In a move aligning with modern authentication trends, OnlyFans recently incorporated passkeys into their login methods like many other big tech companies did recently, e.g. TikTok, Nintendo or Uber. While doing so, they've taken a hybrid approach: traditional passwords remain mandatory for sign-up, meaning the platform hasn't fully transitioned to a passwordless system yet.

Technical Highlights of OnlyFans Passkeys Implementation#

• Setting up Passkeys: Users can integrate passkeys via their account settings. The option to create and label distinct passkeys is available, enhancing user convenience.
• Device Limitations: An important note for developers is that one cannot create multiple passkeys for a single device. However, the interface still prompts users to scan their biometrics (e.g. via Face ID or Touch ID) and then fails if a passkey already exists for this device this is room for improvement as an intelligent passkey detection management system can prevent this.
• Terminology Nuances: An interesting observation is OnlyFans' deliberate avoidance of the term passkeys. Instead, they've opted for Passwordless sign in, presumably for clearer communication with their user base, which might not be too familiar with passkeys yet.
• Platform Compatibility: The passkey feature is commendably versatile, compatible across diverse platforms like iOS, Android, and Windows.
• User Experience Challenges: A notable UX challenge emerges when users attempt to login with their email addresses. Since passkey-based login requires the username, contrary to traditional password-based authentication, where users can use their email address. This could lead to initial confusion.
• Passkey Management: The platform's current system displays only the name of the passkey, which they term as "devices". This can be slightly misleading, especially when users have synchronized passkeys across devices using services like iCloud Keychain, Google Password Manager or via a modern password manager (e.g. 1Password or Dashlane).
• No Conditional UI: Conditional UI ("passkey autofill") is not implemented, which leaves room for further improvement of the UX.

Passwordless Login Strategy of OnlyFans#

From a strategic standpoint, OnlyFans' decision to incorporate passkeys seems well-thought-out. A significant proportion of their users access the platform via mobile devices. Given the inherent passkey-readiness of these devices, as shown in our latest survey about passkey-readiness, this decision capitalizes on existing user behavior.

Furthermore, the absence of a native OnlyFans app (with the exception of the content-limited OFTV app) implies users may frequently need to log into the web app to access content. Introducing passkeys can expedite this process, potentially improving user retention and enhancing the overall user experience, which ultimately leads to higher user engagement and more revenue.

Incorporating modern authentication methods while maintaining user familiarity is a challenge, and OnlyFans' recent changes offer valuable insights. By analyzing such implementations, developers and product managers can derive key takeaways for their own platforms. Join our passkeys community to stay up to date about the latest passkey developments.

About Corbado

Corbado is the Passkey Intelligence Platform for CIAM teams running consumer authentication at scale. We help you see what IDP logs and generic analytics tools can't: which devices, OS versions, browsers and credential managers support passkeys, why enrollments don't turn into logins, where the WebAuthn flow fails and when an OS / browser update silently breaks login, all without replacing Okta, Auth0, Ping, Cognito or your in-house IDP. Two products: Corbado Observe layers observability for passkeys and any other login method. Corbado Connect adds managed passkeys with analytics built in (alongside your IDP). VicRoads runs passkeys for 5M+ users with Corbado (+80% passkey activation). Talk to a Passkey Expert →

Frequently Asked Questions#

Why does OnlyFans call passkeys 'Passwordless sign in' instead of 'passkeys'?#

OnlyFans deliberately avoids the term 'passkeys' to communicate more clearly with a user base that may be unfamiliar with the technology. Using descriptive terminology like 'Passwordless sign in' reduces friction for non-technical users encountering the feature for the first time.

What are the main UX problems with OnlyFans' passkey implementation?#

Two key issues exist: passkey login requires a username rather than an email address, unlike traditional password login, which can confuse returning users. Additionally, Conditional UI (passkey autofill) is not implemented, missing an opportunity to streamline the login experience further.

Can I create multiple passkeys on the same device for my OnlyFans account?#

No. OnlyFans currently restricts users to one passkey per device. The interface still prompts for biometric input even when a passkey already exists for that device, then fails without a clear explanation, which is a known gap in their passkey management system.

Why is OnlyFans' decision to add passkeys strategically significant?#

A large share of OnlyFans users access the platform via mobile devices, which are inherently passkey-ready. Since OnlyFans lacks a full native mobile app, users log into the web app frequently, making faster passkey-based authentication a meaningful improvement to user retention and engagement.