---
url: 'https://www.corbado.com/faq/risks-transitioning-sms-otps-to-passkeys'
title: 'What are risks of transitioning from SMS OTPs to passkeys?'
description: 'Explore the risks of transitioning from SMS OTPs to passkeys, including user resistance, compatibility issues, and security considerations.'
lang: 'en'
keywords: 'risks of passkey transition, SMS OTP risks, migrating to passkeys, passkey adoption challenges'
---

# What are the risks of transitioning from SMS OTPs to passkeys?

Transitioning from SMS One-Time Passwords (OTPs) to passkeys is a significant step toward
improving security and user experience. However, this process involves certain risks that
organizations should carefully address.

### Key Risks in Transitioning to Passkeys

#### 1. User Resistance to Change

- Some users may resist adopting new authentication methods due to unfamiliarity with
  passkeys.
- Lack of understanding can lead to reduced trust and slower adoption rates.

#### 2. Device and Browser Compatibility Issues

- Not all devices and browsers support passkeys, particularly older models or those
  running outdated software.
- This can leave some users unable to authenticate if fallback methods are not maintained.

#### 3. Disruption During the Transition

- A poorly executed migration can result in user lockouts, login issues, or increased
  support inquiries.
- Testing and phased rollouts are essential to minimize disruption.

#### 4. Security Gaps in Hybrid Systems

- During the transition period, maintaining both SMS OTPs and passkeys can create
  potential [vulnerabilities](https://www.corbado.com/glossary/vulnerability).
- It’s crucial to ensure that both methods are secure and cannot be exploited
  simultaneously.

#### 5. Lack of MFA Fallbacks

- Removing SMS OTPs without providing other fallback methods could alienate users who are
  not ready for passkeys.
- Maintaining alternate MFA options ensures continuity and user accessibility.

### Mitigation Strategies

- **User Education:** Provide clear guidance and resources to help users understand and
  adopt passkeys.
- **Compatibility Analysis:** Use data from
  [State of Passkeys](https://state-of-passkeys.io) to assess your user base’s readiness
  for passkeys.
- **Gradual Rollouts:**
  [Transition to passkeys](https://www.corbado.com/blog/user-transition-passkeys-expert-strategies) in phases,
  starting with a subset of users before expanding.
- **Maintain MFA Fallbacks:** Keep SMS OTPs or other MFA options available during the
  initial rollout.
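
The gradual-rollout and fallback points above can be expressed as a server-side login policy. The sketch below is an added example, not code from Corbado or from the original page; the `User` fields, the `other_mfa` factor, the salt string, and the `sms_retired` switch are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    user_id: str
    has_passkey: bool            # at least one passkey registered
    has_sms: bool                # verified phone number on file
    has_other_mfa: bool = False  # assumed alternate factor, e.g. an authenticator app

def rollout_bucket(user_id: str, salt: str = "passkey-rollout-v1") -> int:
    """Stable bucket 0..99, so a user stays in the same cohort on every login."""
    digest = hashlib.sha256(f"{salt}:{user_id}".encode()).digest()
    return int.from_bytes(digest[:8], "big") % 100

def login_plan(user: User, client_supports_passkeys: bool,
               rollout_percent: int, sms_retired: bool = False) -> dict:
    """Decide which methods to offer and whether to prompt passkey enrollment."""
    in_cohort = rollout_bucket(user.user_id) < rollout_percent
    offer = []
    if user.has_passkey and client_supports_passkeys:
        offer.append("passkey")
    if user.has_other_mfa:
        offer.append("other_mfa")
    # Keep SMS while it is not retired, and even after retirement when
    # dropping it would leave this login with no usable method (lockout).
    if user.has_sms and (not sms_retired or not offer):
        offer.append("sms_otp")
    return {
        "offer": offer,
        # Only prompt users in the current phase whose client can create a passkey.
        "prompt_enrollment": in_cohort and client_supports_passkeys
                             and not user.has_passkey,
        # Hybrid-period signal for monitoring: the account has a passkey,
        # yet this login can still be completed with SMS.
        "flag_sms_fallback": user.has_passkey and "sms_otp" in offer,
    }

if __name__ == "__main__":
    # Constructed sample users, not real data.
    legacy = User("u-1001", has_passkey=False, has_sms=True)
    enrolled = User("u-1002", has_passkey=True, has_sms=True)
    print(login_plan(legacy, client_supports_passkeys=False, rollout_percent=25))
    print(login_plan(enrolled, client_supports_passkeys=True, rollout_percent=25))
    print(login_plan(enrolled, client_supports_passkeys=False,
                     rollout_percent=100, sms_retired=True))
```

Counting logins where `flag_sms_fallback` is true shows how many passkey-enrolled accounts still rely on SMS, which helps decide when a later phase can retire it.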

### Conclusion

While transitioning from SMS OTPs to passkeys has numerous benefits, careful planning and
execution are necessary to mitigate risks. Addressing user resistance, ensuring
compatibility, and maintaining robust fallback options will help ensure a smooth and
successful transition.

