How to Pave the Way for Passkeys Adoption
The introduction of passkeys by major players like Apple and Google has been met with strong optimism. This leads us to believe that the adoption of passwordless methods of authentication will be more rapid and decisive. We are certain that the future of digital experiences will be defined by the shift away from passwords, and various organizations are already showing a lot of interest in implementing passkeys. Although reports show that the adoption rate still lags behind expectations, we anticipate an uptake this year.
In this blog post, we will discuss the most common challenges with passkeys and how they can be overcome to accelerate the start of a passwordless future.
What Are Passkeys and How Do They Work?
Before getting into the challenges of passkey adoption, I want to quickly recap the technology behind the concept and the practical benefits of going passwordless.
Passkeys serve as authentication credentials, comprising both a public and a private key. Users may be prompted to generate a passkey when they initially sign in to a website. During this process, the website stores the public portion of the passkey, while the private part is securely saved on users' devices. Subsequently, users can utilize this passkey for all future logins on the same website. Should users wish to discontinue using the passkey for that particular site, they can easily remove it from their browser.
Among the benefits of passkeys are their user-friendliness and their promise to make it safer and simpler to log in to apps and websites. Phishing-resistant, passkeys offer superior security compared to passwords, mitigating concerns around weak, recycled, or leaked passwords that could lead to server breaches.
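To make the key-pair flow and the phishing-resistance claim concrete, here is an added example (not code from this post or from any vendor) that models registration and sign-in in Node.js. It is a simplified model rather than the real WebAuthn message format; the origin, the username, and all function names are assumptions made for illustration.

```javascript
// Simplified model of passkey registration and sign-in (not the WebAuthn wire format).
const nodeCrypto = require("node:crypto");

const ORIGIN = "https://shop.example"; // assumed site origin
const serverDb = new Map();    // website: username -> public key only
const deviceStore = new Map(); // user's device: origin -> private key

// Registration: the device creates the key pair; only the public half leaves it.
function register(username, origin) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  deviceStore.set(origin, privateKey);
  serverDb.set(username, publicKey);
}

// The website issues a fresh random challenge for every sign-in attempt.
const newChallenge = () => nodeCrypto.randomBytes(32).toString("hex");

// Device: signs the challenge together with the origin the browser is actually on.
// Returns null when no passkey is stored for that origin.
function deviceSign(origin, challenge) {
  const privateKey = deviceStore.get(origin);
  if (!privateKey) return null;
  const clientData = JSON.stringify({ challenge, origin });
  return { clientData, signature: nodeCrypto.sign("sha256", Buffer.from(clientData), privateKey) };
}

// Website: verifies the signature, then the challenge and origin inside the signed data.
function verifyLogin(username, expectedChallenge, assertion) {
  const publicKey = serverDb.get(username);
  if (!publicKey || !assertion) return false;
  const { clientData, signature } = assertion;
  if (!nodeCrypto.verify("sha256", Buffer.from(clientData), publicKey, signature)) return false;
  const { challenge, origin } = JSON.parse(clientData);
  return challenge === expectedChallenge && origin === ORIGIN;
}

// Constructed scenario: one valid sign-in and three cases the checks reject.
function demo() {
  register("alice", ORIGIN);
  const c1 = newChallenge(), c2 = newChallenge();
  const good = deviceSign(ORIGIN, c1);
  const tampered = { ...good, clientData: JSON.stringify({ challenge: c2, origin: ORIGIN }) };
  return {
    legitimate: verifyLogin("alice", c1, good),      // signed response to the current challenge
    replayed: verifyLogin("alice", c2, good),        // old response reused for a new challenge
    tampered: verifyLogin("alice", c2, tampered),    // signed data edited after signing
    lookalike: deviceSign("https://shop-example.test", c2) === null, // no passkey for this origin
  };
}
console.log(demo());
```

The website never holds anything secret: a leaked `serverDb` contains only public keys, and a response captured on one sign-in is useless for the next.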
Challenges of Passkey Adoption
Adopting passkeys presents a transformative and positive shift in the landscape of online authentication, but it's not without its challenges. Among them are the following:
Educating users about the benefits of passkeys
Overcoming user resistance to change
Ensuring interoperability across different platforms
Breaking the Password Habit and Offering Something Better
While the tech community might be overhyping the onset of a passwordless future, those who are unfamiliar with the concept or who still don’t recognize the risks of phishing or password loss may have misconceptions about the effectiveness of passkeys or even the necessity of using them. As a result, communication is critical to helping the tech industry realize passkeys’ positive potential to improve security and user experiences.
It's important to properly communicate not only the nuances of generating, managing, and securely storing passkeys but also to share basic information about the technology and answer simple questions like “What happens if I lose my phone with passkeys?” or “How secure are they?” Resources that aim to educate on the topic should be user-centric, user-friendly, and targeted at as broad an audience as possible. This BBC video on passkeys is a good example.
Changing habits is hard, and overcoming user resistance to change is another pivotal aspect of promoting the adoption of passkeys. It is important to recognize that users may feel apprehensive about departing from the familiarity of passwords. Thus, it is crucial to continue emphasizing the fundamental risks associated with passwords and demonstrating the tangible benefits of passkeys. However, the fear factor is not enough to break the habit. To motivate users to adopt new authentication methods, the tech industry should strive to provide a convenient way to migrate to passkeys. And here we come to the final challenge — the technical one.
Ensuring Smooth Migration to Passkeys
Overcoming the technical challenge of passkey adoption lies in ensuring interoperability and seamless integration. Many developers are only just learning about passkey support. In most cases, developers want to switch their application logins to passkeys and then continue to access APIs afterward. The security setup should enable this with a streamlined implementation and optimal user experience (enter OAuth).
Another issue is recognizing common risks and technical limitations associated with passkeys:
Potential failure scenarios include users running on platforms without passkey support or roaming across browsers and devices. Users may lose passkeys or encounter a bad user experience.
However, none of these challenges are blocking issues:
Having a backup authentication method (for instance, email verification) will enable users who can’t use passkeys to sign in;
Passkey cloud synchronization (Google Password Manager, Apple iCloud Keychain, or any third-party service) means users who work on different platforms are not tied to registration on a specific device and can still log in to your service;
Passkeys can be recovered in any lost passkey scenario, as the user can register additional passkeys by simply re-verifying their email.
Following FIDO Alliance UX Guidelines for Passkeys Creation and Sign-ins can help with ensuring your user journey is smooth.
To learn more about how to smoothly make the transition, read this article. To get practical advice on how to go passwordless and implement passkeys, watch our recent webinar available on demand.
Conclusion
Although wide passkey adoption hasn't progressed as quickly as expected, there's great promise ahead. Collaboration between the tech industry and the broader community is crucial to achieve this goal. By educating users, addressing their concerns, and ensuring smooth integration, we can facilitate a smoother transition to passkeys.
Through persistent effort and ongoing innovation, we can accelerate the adoption of passkeys and ensure that they are seamlessly integrated into our digital routines. This will offer a more secure and user-friendly authentication experience for both end-users and organizations.