Passphrase Authentication
Passphrase authentication lets users log into any device using a recovery phrase consisting of multiple words (similar to cryptocurrency wallets). Users are responsible for storing this passphrase safely.
How it works
When a user creates an account with passphrase authentication:
- Jazz generates a unique recovery phrase derived from the user's cryptographic keys
- This phrase consists of words from a wordlist
- Users save this phrase and enter it when logging in on new devices
You can use one of the ready-to-use wordlists from the BIP39 repository or create your own. If you do decide to create your own wordlist, it's recommended to use at least 2048 unique words (or some higher power of two).
Key benefits
- Portable: Works across any device, even without browser or OS support
- User-controlled: User manages their authentication phrase
- Flexible: Works with any wordlist you choose
- Offline capable: No external dependencies
Implementation
Examples
You can see passphrase authentication in our passphrase example or the todo list demo.
When to use Passphrases
Passphrase authentication is ideal when:
- You need to support older browsers without WebAuthn capabilities
- Your users need to access the app on many different devices
- You want a fallback authentication method alongside passkeys
Limitations and considerations
- User responsibility: Users must securely store their passphrase
- Recovery concerns: If a user loses their passphrase, they cannot recover their account
- Security risk: Anyone with the passphrase can access the account
- User experience: Requires users to enter a potentially long phrase
Make sure to emphasize to your users:
- Store the passphrase in a secure location (password manager, written down in a safe place)
- The passphrase is the only way to recover their account
- Anyone with the passphrase can access the account