How passkeys are reshaping user security and convenience
In this Help Net Security interview, Anna Pobletts, Head of Passwordless at 1Password, talks about passkey adoption and its acceleration in 2024. This trend is particularly notable among highly-regulated services like fintech and banking, where users seek a sign-in experience that is simple and familiar.
She also discusses how passwordless authentication alleviates the burden on help desks and IT resources, allowing them to refocus their time and energy on more pressing issues that accelerate business and improve the bottom line.
With major tech companies like Google and Amazon adopting passkey technology, what do you believe has driven this substantial uptick in adoption?
We’re in the midst of a technological renaissance. Consumers have become accustomed to the convenience of their heart’s desire, at the push of a button—whether that’s Apple Pay; streaming the latest movies and music instantly; or ordering anything with a tap. However, one thing that hasn’t kept up with this shift toward seamless experiences is online security.
Passwords, 2FA/MFA and QR codes are all clunky and slow down the instant satisfaction consumers have come to expect with the online experience. Simple transactions require switching apps, finding phones or other devices, and disrupting workflows. Users are demanding a better experience, and are willing to experiment with new technologies like passkeys once they get a boost from trusted brands like Google and Amazon—who have a reach of billions and an ability to drive awareness on a massive scale.
At 1Password, we created and manage a passkeys directory, which keeps a running list of which websites, apps, and services offer signing in with passkeys, as well as an interactive element where users can vote for the businesses they want to see roll out passkey support—a useful resource to track ongoing adoption.
In order to expand passkey adoption from early adopters to the early majority, and beyond, it’s essential that big brands not only adopt passkey logins, but also make them prominent as a login option—and free them from being buried in menus. Trusted developer tools that make it easy to implement passkey authentication into websites, apps, and services as logins will also be critical in getting more businesses to come around to passkeys. And ultimately, we’ll need to accelerate adoption by sharing back statistics around how passkeys improve key business metrics like usage and sales, as well as user preference.
2024 is predicted to be a significant year for passkey technology, especially in fintech and banking. Why have these historically slow-to-adapt sectors started embracing passwordless authentication, and what unique competitive advantages does it offer them?
This past year, early adopters like TikTok, Google, Amazon, and Uber, among others, drove a substantial uptick in passkey adoption. This has laid the groundwork for billions of people to explore the security and convenience of passkeys, and for many other sectors to follow suit in the coming years.
A key factor that’s encouraging more highly-regulated services like fintech and banking—especially among consumer apps—to embrace passkeys in 2024 is the generative AI boom. Advances in AI are fueling increasingly sophisticated, complex, and wide-ranging cyberattacks, prompting these industries to embrace a way to better defend themselves and their end users. By adopting passkeys, they effectively remove the reward that hackers are after—user credentials—and cut off a critical pathway for attacks.
Moreover, fintech and banking services gain a two-pronged, unique advantage by adopting passwordless authentication: the proven security of public key cryptography upon which passkeys are built, and for their end users, a sign-in experience that’s simple and familiar. That’s likely to impress both regulators and customers.
On top of that, many businesses are starting to see bottom-line validation that they have a lot to gain from embracing passkeys. Passkeys help drive usage and sales by eliminating key obstacles—signing up for a service and making a purchase—which is already making a real impact across adopters, including for fintech and banking apps.
Can you discuss how passwordless solutions enhance the user experience?
Easily signing up for a new site or service is a notable digital obstacle that we still haven’t solved. Having to constantly re-enter personal information that users have already provided to hundreds of websites is a real pain point and often disrupts the flow to conversions. Once someone has signed up, having to log in repeatedly, while navigating complex security procedures—like copying a one-time code from their phone or managing complicated passwords—can also add unnecessary friction to the user experience.
Passkeys eliminate the friction associated with legacy sign-in methods (which are often most prevalent in regulated industries), whether that’s passwords, 2FA or MFA, all while providing stronger security protection. Passkeys are so easy to use, we’re finding that one of the more ironic obstacles to adoption is that many people mistakenly believe that being more secure requires a more arduous sign-in process. That’s why we’re committed to educating the market that the only true way to protect online accounts is to have no password at all—leaving hackers nothing to steal if there’s no password to begin with.
By eliminating the password, we’ll also take the burden of having to assess every email or text received to discern if it’s a phishing attack off users, again, since there’s no password to steal. Personally, I’m looking forward to not getting messages from my parents asking me to evaluate if an email is real or not.
Passwordless authentication eases the burden on help desks and IT resources. How significant is this impact, and what are the long-term implications for IT management and resource allocation?
Most IT professionals didn’t sign up for a career consisting of resetting passwords and helping employees troubleshoot why they can’t get into their accounts every day. At 1Password, we expect passkeys to reduce the burden on businesses’ IT teams so they can refocus their time and energy on more pressing issues that accelerate the business and improve the bottom line.
As we look beyond 2024, what emerging trends or innovations in passwordless technology should professionals be aware of? How do you envision the landscape evolving in 5 to 10 years?
Passkeys are a transformational step forward in authentication and security—they’re even bigger than FaceID and biometrics—and I think that passkeys’ incredible win-win-win of security, efficiency, and improved business results means they’ll become our default sign-in option in the next few years.
Beyond passkeys, I think the next interesting focus in the larger identity security conversation will be on how to best give people more control over their online data and identity. New technologies like verifiable credentials already exist and are quite promising. This technology enables people to prove their identity with things like digital passports, employee ID cards, and more, all in a way that enables users to maintain their privacy online. This technology is actually built upon many of the foundational concepts that make up passkeys, and so I envision they’ll become omnipresent sooner than we expect.