Home Security & Privacy Passwordless Credentials

Passwordless Credentials Cheat Sheet

Passkeys, WebAuthn, and OTP fallbacks

Last Updated: November 21, 2025

Focus Areas

Focus
Prefer passkeys or hardware keys over SMS OTPs
Fallback to device-based one-time codes when needed

Commands & Queries

npm install @simplewebauthn/server
Add WebAuthn
verify-platform-authenticator
Check device support
send-otp --phone +1555
Deliver a fallback code

Summary

Enable passwordless flows while keeping a throttled fallback for devices.

Related Cheat Sheets

Vault Secrets Engines

Enable engines, generate dynamic credentials, and renew leases

Incident Response

Declare incidents, contain, communicate, and learn

Node.js Security

Audit dependencies, configure CSP, and lock env variables

Passwordless Authentication

Deploy magic links, WebAuthn passkeys, and OTP flows

💡 Pro Tip: Support device-based passkeys and keep fallback OTP carefully throttled.

Related Cheat Sheets

Browse all Security & Privacy →

← Back to Security & Privacy | Browse all categories | View all cheat sheets