Live demo

Passwordless user accounts

A real-world sample of production-style authentication: passkeys (WebAuthn) for day-to-day login, with email one-time codes as a reliable backup when a passkey is not available.

Private keys stay on the device; the browser binds credentials to your site, which improves phishing resistance compared to passwords alone.

Sign upLogin

Passkeys

Register and login with WebAuthn—biometrics or device PIN, no password to reuse or leak.

Email OTP backup

Request a time-limited code in email when you need a fallback path that still avoids static passwords.

Enumeration-safe flows

Designed so obvious “does this email exist?” signals are avoided where the demo implements those patterns.