Passwords have been around since the 1960s and represent the primary means by which we — as consumers, employees, and citizens — access digital services and business applications. They are a source of endless user friction, are universally resented and let’s face it, are wholly ineffective in safeguarding our identities and accounts.
It’s no surprise then that Verizon reported a staggering 80% of web application breaches can be attributed to stolen credentials. The only thing passwords are good for today is treehouses. But that’s nothing you don’t already know.
The challenge has always been to find a viable alternative that combines simplicity, convenience, and reliability for users, while also offering the highest levels of security. That’s easier said than done.
Fortunately, there’s a groundbreaking innovation revolutionizing the way we create accounts and sign in to them: passkeys. Passkeys are a replacement for passwords that allow for faster, easier, and more secure sign-ins across all of a user’s devices. Passkeys are used in the same way we unlock our phones – relying on biometric authentication such as Touch ID and Face ID.
Passkeys also offer enormous security benefits as they are always strong and phishing resistant. They leverage public key cryptography so that when a user creates a passkey for a given site or application, a public–private key pair is created on the user’s device. The website only stores the public key while the private key remains tied to the user’s devices. The two keys are used to sign and validate messages that authenticate the user to the web site. And because passkeys are bound to a specific website, they’re impervious to phishing attacks. According to the Cybersecurity and Infrastructure Security Agency (CISA), passkeys are the gold standard in multi-factor authentication security.
Passkeys are now a global standard supported by billions of devices, including smartphones, laptops and PCs thanks to industry leaders like Apple, Google and Microsoft — all of whom are working together as part of the FIDO Alliance, an open industry association.
For digital businesses, embracing passkeys means simplifying account registration and sign-ins and improving conversion rates. With their unique blend of security, convenience and accessibility, passkeys are poised to revolutionize the customer experience. But the benefits extend far beyond the customers.
For businesses, passkeys act as a formidable barrier against hackers, drastically reducing the risk of account takeovers and phishing attempts. They also eliminate the need for SMS one-time passwords (OTPs) and significantly reduce call center complaints due to account lockouts. This not only saves costs, but also improves operational efficiency.
Businesses that take advantage of passkeys now will enjoy a first-mover advantage over their competitors. They can establish themselves as pioneers, elevating their brand recognition and fostering unwavering customer loyalty. Not only that, but they will also significantly improve account creation conversation rates and increase user sign in success to over 99%, both of which increase revenues.
Some notable digital brands that have already embraced passkeys include eBay, Kayak, PayPal, Shopify and Yahoo! Japan. It’s clear that they recognize the immense potential of passkeys to transform their business landscape.
Recently, Google made headlines by introducing passkeys for Google Accounts accompanied by compelling research data from over 100 million authentications. This data showed that users perceive passkeys as superior in terms of convenience. In fact, the percentage of successful authentications through same-device passkeys was four times higher than passwords. Furthermore, passkeys proved not only easier to use but also significantly faster than passwords. On average, users could sign in successfully within 14.9 seconds, while passwords took twice as long to complete the same task.
In conclusion, passkeys represent the new alternatives to passwords and are poised to revolutionize our digital experiences by providing faster, more secure, and more successful sign-ups and sign-ins. By embracing passkeys, businesses can bid farewell to customer friction points, increase customer satisfaction and loyalty, strengthen security, increase revenues, and lower costs.
As someone who has dedicated decades to helping organizations prevent fraud, I wholeheartedly believe the advent of passkeys will serve as a pivotal leap forward in the ongoing battle against cybercrime. With passkeys, we can finally reclaim our digital lives with a high degree of confidence.