The End State

  • Passkeys deliver the fastest and most phishing-resistant experience.
  • Email OTP provides a reliable fallback and recovery path.
  • Verification-first flows prevent premature account creation.
  • Enumeration-safe responses protect user privacy.
  • Rate limiting turns a clever auth design into a production-safe one.
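
The email OTP takeaways above (verification-first, enumeration-safe, rate-limited) combined in one in-memory handler. This is an added example, not code from the deck. `OtpAuth`, the limits and the `send` callback are assumptions made for illustration, and the passkey path is out of scope.

```python
import hashlib, hmac, secrets

GENERIC = "If that address can sign in, a code is on its way."
WINDOW_S, MAX_REQUESTS, TTL_S, MAX_ATTEMPTS = 600, 3, 300, 5  # assumed limits

class OtpAuth:
    def __init__(self, send):
        self.send = send        # callable(email, code); delivery is assumed
        self.accounts = set()   # addresses that have proven control
        self.pending = {}       # email -> [code digest, expires_at, attempts left]
        self.requests = {}      # email -> timestamps of recent code requests

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode()).digest()

    def request_code(self, email, now):
        email = email.strip().lower()
        # Sliding-window limit keyed on the address, whether or not it is known.
        recent = [t for t in self.requests.get(email, []) if now - t < WINDOW_S]
        if len(recent) >= MAX_REQUESTS:
            self.requests[email] = recent
            return 429, "Too many requests. Try again later."
        self.requests[email] = recent + [now]
        code = f"{secrets.randbelow(10**6):06d}"
        # Store a digest rather than the code, with an expiry and attempt budget.
        self.pending[email] = [self._digest(code), now + TTL_S, MAX_ATTEMPTS]
        self.send(email, code)
        # Same status and body for known and unknown addresses; no account yet.
        return 200, GENERIC

    def verify_code(self, email, code, now):
        email = email.strip().lower()
        entry = self.pending.get(email)
        if entry is None or now >= entry[1] or entry[2] <= 0:
            self.pending.pop(email, None)   # missing, expired or exhausted
            return False
        entry[2] -= 1
        if not hmac.compare_digest(entry[0], self._digest(code)):
            return False
        del self.pending[email]    # codes are single use
        self.accounts.add(email)   # the account is created only at this point
        return True
```
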
Building a Production-Grade Passwordless Authentication System