diff --git a/web/packages/accounts/pages/verify.tsx b/web/packages/accounts/pages/verify.tsx
index 4ebc738f15..11d129b82d 100644
--- a/web/packages/accounts/pages/verify.tsx
+++ b/web/packages/accounts/pages/verify.tsx
@@ -31,6 +31,7 @@ import { PAGES } from "../constants/pages";
 import { configureSRP } from "../services/srp";
 import type { PageProps } from "../types/page";
 import type { SRPSetupAttributes } from "../types/srp";
+import { redirectUserToPasskeyVerificationFlow } from "../services/passkey";
 
 const Page: React.FC<PageProps> = ({ appContext }) => {
     const { appName, logout } = appContext;
@@ -85,9 +86,7 @@ const Page: React.FC<PageProps> = ({ appContext }) => {
                     isTwoFactorPasskeysEnabled: true,
                 });
                 setIsFirstLogin(true);
-                window.location.href = `${accountsAppURL()}/passkeys/verify?passkeySessionID=${passkeySessionID}&redirect=${
-                    window.location.origin
-                }/passkeys/finish`;
+                redirectUserToPasskeyVerificationFlow(passkeySessionID);
                 router.push(PAGES.CREDENTIALS);
             } else if (twoFactorSessionID) {
                 setData(LS_KEYS.USER, {
diff --git a/web/packages/accounts/services/passkey.ts b/web/packages/accounts/services/passkey.ts
index 809517791f..9aeabe3328 100644
--- a/web/packages/accounts/services/passkey.ts
+++ b/web/packages/accounts/services/passkey.ts
@@ -1,9 +1,27 @@
 import log from "@/next/log";
 import { CustomError } from "@ente/shared/error";
 import HTTPService from "@ente/shared/network/HTTPService";
-import { getEndpoint } from "@ente/shared/network/api";
+import { accountsAppURL, getEndpoint } from "@ente/shared/network/api";
 import { getToken } from "@ente/shared/storage/localStorage/helpers";
 
+/**
+ * Redirect user to accounts.ente.io (or its equivalent), to a page where they
+ * can authenticate using their second factor, a passkey they've configured.
+ *
+ * On successful verification, accounts.ente.io will redirect back to our
+ * `/passkeys/finish` page.
+ *
+ * @param passkeySessionID An identifier provided by museum for this passkey
+ * verification session.
+ */
+export const redirectUserToPasskeyVerificationFlow = (
+    passkeySessionID: string,
+) => {
+    const redirect = `${window.location.origin}/passkeys/finish`;
+    const params = new URLSearchParams({ passkeySessionID, redirect });
+    window.location.href = `${accountsAppURL()}/passkeys/verify?${params.toString()}`;
+};
+
 export const isPasskeyRecoveryEnabled = async () => {
     try {
         const token = getToken();