Passwords have been a cornerstone of digital authentication for decades, but their flaws are becoming increasingly apparent. According to the FIDO Alliance's latest report, "password pain" has led 42% of consumers to abandon purchases due to forgotten passwords. This figure rises to over 50% among consumers aged 25 to 34. As businesses fight for customer loyalty, these frustrations present a growing challenge.
"Passwords are becoming increasingly outdated and vulnerable to sophisticated cyber threats," says Devin Ertel, chief information security officer at Menlo Security." Many experts believe that a passwordless future is not just a possibility but an inevitability."
Enter passkeys—authentication methods designed to eliminate passwords altogether by leveraging public key cryptography. Instead of remembering and typing a password, users rely on their devices to store unique private keys, making the login process faster and more secure. While passkeys aren’t perfect, they’re a step closer to a world without passwords, easing frustrations for consumers and reducing risks for businesses.
The Rise of Passkeys and Passwordless Authentication
The appeal of passkeys lies in their simplicity and security. Unlike passwords, which can be stolen or guessed, passkeys use asymmetric encryption to create a nearly impenetrable barrier. The private key stays on your device, while the public key is stored with the service you're logging into. Even in the event of a data breach, cybercriminals cannot exploit a public key without its private counterpart.
This enhanced security is gaining traction. According to the FIDO Alliance report, awareness of passkeys has jumped by over 50% in the past two years, rising from 39% familiarity in 2022 to 57% in 2024.
“Anything that helps to get rid of passwords is a good thing,” says Jason Soroko, senior fellow at Sectigo. “Passkeys move us closer to a world where authentication is based on asymmetric secrets, which are much harder to compromise than shared passwords.”
However, adoption has been slower than some might hope. Despite growing consumer interest, many websites and apps still don’t support passkeys. This gap between interest and implementation limits their potential. Darren Guccione, CEO of Keeper Security, points out another challenge: “Saving your passkeys to a specific device means you must have physical access to that device to log in. This reliance can create challenges, which is where tools like password managers come into play, offering secure access across devices.”
The Security Challenge: AI-Driven Scams and Phishing
The increasing sophistication of digital threats has made stronger authentication methods essential. AI-powered scams are making phishing attacks more convincing, and younger consumers are especially attuned to these risks. According to the FIDO Alliance report, 61% of users aged 25 to 34 believe phishing threats are becoming more sophisticated, compared to just 25% of those over 65.
Passkeys offer a built-in defense against these threats. By eliminating the use of shared secrets like passwords, they minimize the attack surface available to cybercriminals. However, Soroko notes that even advanced systems like passkeys aren’t immune to vulnerabilities in session management, highlighting the need for ongoing improvements.
Session tokens are used to maintain an authenticated session after a user logs in. Once an attacker gains access to these tokens—through phishing, malware, or session hijacking—they can bypass the authentication process entirely. For example, a stolen session cookie can allow an attacker to impersonate the user without needing their passkey or password. This highlights a critical gap the industry will need to address: while passkeys secure the initial authentication, the session itself remains vulnerable.
The Business Impact of “Password Pain”
Businesses feel the sting of password fatigue just as much as consumers. Abandoned transactions caused by login failures represent lost revenue and eroded trust. Younger users, who dominate online activity, are particularly unforgiving of clunky login experiences. For these consumers, seamless access is a baseline expectation.
Ira Winkler, CISO for CYE, adds a dose of realism: “Consumers say they want better security, but they often reject alternatives if it means extra work. Even slight friction in the process can lead to rejection.”
This rejection creates a dilemma for businesses: How do you balance security with convenience? Passkeys might be part of the solution, offering an experience that is both secure and seamless enough to retain users while reducing friction.
Shifting Consumer Expectations in the Digital Age
According to the FIDO Alliance report, a majority of those familiar with passkeys (62%) are actively using them for apps and online accounts. This reflects consumer demand for convenience and security in equal measure. As more consumers experience the ease of passwordless authentication, their tolerance for traditional methods is likely to wane.
Businesses are beginning to recognize this. Many major companies, including Google and Apple, have implemented passkey systems, signaling confidence in their usability and effectiveness. Soroko believes this is just the beginning. “Asymmetric secrets are harder to harvest, whether through social engineering or compromised endpoints,” he says. “The adoption of passkeys is helping us move closer to a world without shared secrets, but the work isn’t done.”
The key for businesses is to adapt quickly. Those that fail to offer secure and user-friendly login options risk losing not just sales but customer loyalty.
The Future of Authentication: What’s Next for Businesses?
Passkeys are a significant step toward a passwordless future, but they are not the end of the road. The ongoing challenge for businesses lies in refining the broader authentication ecosystem. Improvements in session management, better interoperability between devices, and robust education for consumers will be critical in the years ahead.
Ertel emphasizes the importance of bridging the gap during this transition. “Passwordless authentication isn’t just a possibility; it’s becoming an inevitability,” he says. “But it needs to be implemented thoughtfully to minimize risks and maximize usability.”
For businesses considering passkeys, the advice is clear: start now. Implementing passkey support can provide immediate benefits, from reducing login friction to enhancing security. It’s also an opportunity to future-proof authentication systems as digital threats continue to evolve. Companies that act today will be better positioned to thrive in tomorrow’s digital landscape.
