Case Study
3 Min.

Digital health app pioneer mementor goes passwordless with Hanko Passkey API

Low friction and high security are crucial for digital health (DiGA) apps. With the Hanko Passkey API, mementor implemented passkey-based passwordless biometric authentication across their mobile and desktop apps within a few days.

Initial situation

mementor is a German startup that develops health apps. Their key product, an app called somnio, aims to cure sleep disorders and offers an innovative sleep training program. It is an officially approved digital health application (DiGA) and its use is paid for by German health insurance after prescription. The somnio app is based on web technology, so it can be used as a native app on smartphones, in mobile browsers, and in desktop browsers. The functionalities are the same everywhere. Prior to the integration of Hanko, somnio’s login procedure was built with username and password and email-based 2-factor authentication (2FA).

The business challenges

Regular use of the somnio app is crucial for improving health status and must therefore be integrated into the patient’s daily routine. It needs to be as pragmatic as possible. And even though the app itself brings great benefits to patients, there are three challenges mementor faces in delivering the app.

Password hassle

The somnio app can be used on smartphones as well as on PCs and laptops through the somnio web app. On all platforms, password-based login caused friction in the authentication process. Forgotten or incorrect passwords reduced the frequency of use and potentially affected the effectiveness of the app.

DiGA regulations

Only products that meet high security and data protection requirements are certified by the German Federal Institute for Drugs and Medical Devices (BfArM) as officially registered digital health applications. mementor must ensure privacy and sensitive handling of the patient’s data. That's why support for two-factor authentication was a top development priority from the start.


Patients need to use the app regularly to benefit the most. This means that mementor as a provider must make its handling as smooth as possible. Two-factor authentication, based on a password as the first factor and an email code as the second factor, makes the authentication process much more difficult for the user.

mementor was looking for a solution that could minimize all these potential pain points from the start.

The solution

When evaluating suitable solutions, mementor quickly recognized the advantages of passkeys and the Hanko Passkey API. Hanko can set itself apart from other solutions by being fully open source and by using the FIDO2 standards and WebAuthn on which Hanko’s Passkey API is built. Hanko's developer API is designed so that tech teams can integrate it into their applications completely independently. Detailed documentation and a short briefing from the Hanko team were enough to get mementor ready to go. With the help of Hanko’s software development kit (SDK), passkey integration for the somnio app was done in just a few days.

The outcome

Through passkeys, passwordless biometric authentication is possible with a unified integration in smartphone apps, on mobile websites as well as desktop websites. Using Hanko helped mementor to increase the usability of their health app while meeting all DiGA security requirements without much development effort.

"We have been using Hanko as a provider for passwordless login for over two years now. From the onboarding to this day, Hanko was always a very helpful and reliable partner with an impeccable support team."

– Daniel Rotzetter, co-founder and Engineering Lead of mementor

Back to overview

More blog posts

Don't miss out on latest blog posts, new releases and features of Hanko's products, and more.

Your submission has been received!
Something went wrong.