Delivering Passwordless Login for 41M+ NHS Users

Passkeys

New Standard In Digital Identity

Client

NHS login

A digital identity service with over 4M daily active users, enabling secure single sign on (SSO) access to 100+ NHS services including the NHS App.

Role

Lead UX Designer

Leading the R&D team, my role extended from discovery phase to driving proof of concept and helping define MVP.

Working closely with the PO, business analyst and scrum master, I played a key role in prioritisation and delivery planning.

Challenge

Existing 2FA methods, relying on passwords and one-time passcodes (OTPs), added friction and limited users' access to vital health services, while also posing security risks due to vulnerabilities in password management.

Solution Delivered

A unified passworless experience across key touchpoint

  • Settings: Users can add/remove a passkey via their account settings.

  • Login interrupt: Eligible users are prompted to set up passkeys during login.

  • Passkey login: Users who set up a passkey are offered to log in with their passkey instead of password and OTP.

  • Help & support: A dedicated Help Center article offering guidance for setup and troubleshooting.

🚀 📈 1 year since launch:

  • Deployed passkeys across 100+ partner services
  • Enabled 4X faster access to NHS services
  • Reached 1.3M passkey users
  • Reduced reliance on OTPs, 194X growth in passkey logins(from 5K to 930K per month)

How we implemented a more secure, accessible and faster login experience

Delivery approach

Research led, phased delivery

  • Multiple rounds of user research and design iteration

  • Proof of concept (POC) technical testing

  • Technical testing to ensure seamless integration with existing FIDO implementation

  • Phased rollout with controlled traffic

  • Statistics dashboard to track adoption

  • Post-launch user research for continuous improvement

Scoping & Discovery

Limitations of 2FA

Identifying barriers to accessing the service

We facilitated a stakeholder workshop to discuss the existing methods of authentication.

We identified issues that created friction in the user journey and undermined security, creating the need for an alternative authentication method.

  • Dependency on mobile phones: Users without access to mobile phone or signal could not use the service.

  • Delays in OTP delivery: Slow OTPs (one time passcodes) frustrated users trying to access vital health services.

  • Password fatigue: Users struggled to manage their passwords, resorting to risky practices like reusing the same password.

It used to be easy to log in using my right index finger. Now we have the wretched password rigmarole.

I can’t remember my password for Patchs so I can’t log in to connect with my GP.

Often unable to use the app when travelling abroad and only able to use WiFi so unable to receive the security code sent to my phone.

Why passkeys?

A simpler, more secure way to log in

Passkeys are a secure alternative to passwords. They offer multi-factor authentication in single step removing the need for both passwords and OTPs.

They allow users to log in simply using their fingerprint, face ID, PIN, pattern or any other method they use to unlock their device.

User value

  • no need to save, remember or enter anything for login

  • phishing resistant account security

  • passwordless experience across all user's devices without needing to register on each device

  • cross-device authentication

Business value

  • low cost implementation

  • reduced cost of sending OTPs

  • no security risk and liability in case of a cyber attack

  • increased user trust in digital services

  • less support requests related to account recovery

Design Development

User testing

Multiple touchpoints and scenarios were covered in settings, registration, account recovery and login journeys.

We did 5 rounds of testing with 66 participants of varying age and digital skills.

  • 2 rounds of moderated testing with 14 participants

  • 2 rounds of unmoderated testing with 45 participants

  • 1 round of moderated testing with 7 participants with cognitive impairments, autism, dyslexia and low digital skills as well as those who are data skeptic

  • used Leeds accessibility lab to test with various screen readers and assistive tech devices

POC technical testing

Since passkeys are device led, user experience differs depending on the operating system and the browser.

To compile a library of behaviours and errors, we facilitated a technical testing session with the wider team helping us test passkeys on as many devices and browsers as possible.

References and inspiration

In order to maintain a consistent and familiar experience for users, we referred to industry leaders who have already implemented passkeys such as Apple, Google, PayPal, Amazon and Shopify.

Constraints & challenges

Limited control over the UI: When creating and using passkeys, a pop up is initiated which is managed by the browser and the operating system. Customisation of the pop up is restricted to basic elements (i.e. username and service name), limiting the ability to improve user understanding.

Complex user journeys: We had to consider multiple touch points i.e account recovery, settings, help centre etc and map out existing tech implementations to ensure a streamlined, secure and consistent user experience throughout the service.

Legal and security requirements: Balancing user needs with business requirements was challenging, as explaining technicalities could complicate the journey and lead to drop offs. By working closely with stakeholders and SMEs, and involving them in user testing and design reviews, we maintained a simple user journey while ensuring compliance.

WebView within native apps: Supporting passkeys in native apps requires specific WebView configurations. We updated developer documentation to outline these requirements and collaborated with partner services to ensure compatibility through testing. To enhance the user experience, we implemented device compatibility checks to avoid prompting users to set up passkeys on unsupported devices.

Existing FIDO implementation: While, in the long-term, there is possibility to phase out FIDO (biometric login), it needs to be gradual with a user-centred approach. The decision to fully migrate to passkeys or continue supporting FIDO depends on how passkey technology evolves and the user adoption. To prevent confusion and disruption for FIDO users during this transition period, we implemented eligibility criteria to ensure they are not interrupted to set up a passkey. Users with both passkeys and FIDO enabled will be able to continue logging in using biometrics on the native app and when accessing the service through a browser, they will be able to use their passkey.

Key Design Decisions

Adopting the term ‘Passkey’

The term ‘passkey’ was initially unfamiliar to many users, raising concerns about potential confusion or hesitation during onboarding. To explore this, we tested alternative phrasing such as ‘Register a device’ in early prototypes and user flows.

Ultimately, our decision to adopt ‘passkey’ was guided by several key factors:

  • Alignment with industry terminology: Apple and Google use ‘passkey’ in their ecosystems, making it important for users to recognise this term when managing passkeys in their device and browser settings.

  • Consistency with FIDO2 UI: Passkey pop up which is managed by the device and operating system uses the term ‘passkey’. We have no control over its content, so alignment was essential to avoid confusion.

  • Avoiding confusion with biometrics: We wanted to avoid users being confused between passkeys and the traditional biometrics.

  • Preventing misconceptions: When we replaced the term ‘passkey’ with more familiar phrases, users felt more confident. However, inadvertently this led to misunderstandings, with some users mistakenly assuming they would receive security alerts on their devices.

  • User adoption: Our decision to adopt ‘passkey’ was reinforced when we noticed users became more comfortable with the term after seeing it in context on the pop up and continued using it throughout their interactions.

Creating a device-led experience

During testing, we found that providing upfront instructions often led to cognitive overload and reduced user confidence.

Since passkey flows are managed by operating systems, the experience varies across devices and browsers. This inconsistency makes it difficult to offer accurate, step-by-step guidance—and maintaining these instructions becomes even more challenging as OS interfaces evolve.

Instead, we designed the experience to be led by the user’s device. When prompted directly by their system, users were more focused, confident, and able to follow along intuitively. Many gained a clearer understanding of passkeys simply by completing the process themselves.

Avoiding information overload

User testing revealed a clear pattern: the more we tried to explain what a passkey is, the less confident users felt.

With passkeys still being a new concept for many, overloading users with technical details—about security or how the technology works—often led to confusion and hesitation. While our intention was to inform, it ended up creating unnecessary friction.

What users really want is a smooth, secure experience they can trust. They rely on the service to manage the security, not to explain it. By simplifying the messaging and keeping information minimal, we were able to build trust and make the journey feel intuitive. This allowed users to stay focused on completing their task, without being distracted or overwhelmed by complexity.

Building user confidence through familiar references

When introducing a new concept like passkeys, it's tempting to include detailed explanations to reassure users. In early testing, many said they wanted more information about what a passkey is and how it works.

However, this didn’t align with their actual behaviour. During prototype testing, users often felt overwhelmed when presented with too much information upfront.

To explore this further, we ran an unmoderated test using an accordion-style component that let users expand and read more at their own pace. Out of 15 users, only 2 opened the additional content—and even then, they only skimmed it.

What stood out instead was the power of familiar language. Terms like ‘fingerprint’ and ‘Face ID’ immediately resonated with users and gave them a mental model of what to expect. These recognisable references were far more effective in building confidence and encouraging users to proceed than detailed explanations ever were.

User Feedback & Insights

While users are somewhat unfamiliar with passkeys, overall, they react positively to passwordless login and appreciate the security and speed of passkeys.

It would make me access the service more frequently because it would be more secure and less of a hassle to log in.

Post-launch Qualtrics survey

We ran a Qualtrics survey targeting users who had set up a passkey in the live product.

We received 92 responses:

  • 70 out of 92 users found the setup process easy, and 15 said it met their expectations.

  • 75 out of 92 users said their primary motivation was ‘to make login quicker’. 6 users chose improved security, while 5 users chose ‘no need to remember a password’.

Adoption

Number of users setting up a passkey grew steadily — despite there being no promotional campaign.

  • 1,000+ users set up a passkey in the first week

  • 5,000+ by the second week

  • 100,000+ unique users within two months

These numbers reflect entirely organic adoption — users discovering the feature independently within their account settings and choosing to opt in.

This early traction signals not only strong interest in passwordless login but also growing user trust and confidence in the new experience.

Key Takeaways

  • Passkeys are still emerging — widespread adoption will take time as users become more familiar with the concept.

  • User choice matters — some users will prefer familiar authentication methods, so continuing to offer secure alternatives remains essential.

  • Adoption improves with exposure — a higher success rate and fewer setup errors over time suggest that familiarity, along with a streamlined experience, plays a key role in building user confidence and encouraging uptake.

As more services offer passkeys, user confidence and familiarity will continue to grow, driving wider adoption over time.

Future Outlook

The future of passkeys looks promising, with global tech leaders like Apple, Google, Amazon, TikTok, WhatsApp, and PayPal now supporting passwordless authentication.

Apple and Google continue to collaborate on delivering a unified, cross-platform experience—bringing us closer to seamless, device-agnostic login for users everywhere.

Google’s recent updates further reinforce the industry's commitment to passkeys. Google Password Manager now supports passkey synchronisation across Windows, macOS, and Android, making the passwordless experience more consistent and accessible than ever.

Reflections

One of the defining aspects of this project was the close collaboration with engineers, cybersecurity specialists, and clinical teams.

By bridging the gap between design and technology, we ensured that passkey integration wasn’t just user-friendly—it was grounded in robust security and built for long-term sustainability.

This was a complex and rewarding challenge: laying the foundation for passwordless authentication and helping shape the future of digital identity.

It required more than designing individual screens. I had to map the full service landscape—understanding how different components connect, how users move through them, and how constraints like legacy tech, security protocols, legal requirements, and support systems influence the overall experience.

This project reinforced that effective design must take a holistic view—anticipating challenges early, working across disciplines, and delivering solutions that are not only seamless for users but scalable for the organisation.