Passkey adoption lags great expectations but opportunities still growing
Trends from 2023 passkey adoption show that customers are leaving passwords behind, albeit at a slower pace than some might like. Password managers like Bitwarden and 1Password are giving users the option to log in to their password vaults with their biometrics using passkeys.
The slow burn of passkey uptake may pick up in 2024
In 2023, there was a sharp spike in the number of tech companies that support passkeys, the authentication method that allows users to log in with a face or fingerprint biometrics, or with a PIN. Customer uptake shows promise but remains slow, which is not a surprise to careful observers.
Password manager Dashlane’s CPO Donald Hasson tells Engadget that users sign in with passkeys roughly 20,000 times per month, “with growth doubling quarter over quarter.” However, only a small fraction of users are leveraging the method, despite passkeys being more secure than traditional passwords.
Experts attribute the slow uptake to a natural resistance to change. “The hype is very well merited,” says security analyst Cole Grolmus of passkeys, in comments to Engadget. Still, “I think you just have to be realistic about the amount of time that it takes for any technological change, particularly ones involving consumer adoption, to play out.”
While many companies patiently wait for customers to make the switch, others are forcing their hand. As of the end of last year, Kayak users can only authenticate using single-sign on, passkeys or an email. Legacy password users are being prompted to switch to other options when they attempt to log on.
“Sign in with Google and sign in with Apple are very popular because they’re probably still the easiest experience if you’re already logged into these systems,” says Matthias Keller, Kayak’s chief scientist and senior VP of technology, adding that users making new accounts go for passkeys roughly two-thirds of the time.
Companies like PayPal, Shopify, Uber, and Roblox have all implemented passkeys, but some anticipate more will make a definitive shift toward passkeys in the new year. “If 2023 was the year of hedging bets by making passkeys optional, 2024 will be the year that we see two or three major service providers go all-in on passkeys,” says 1Password CPO Steve Won in comments to Forbes.
After 1Password introduced passkey support in September 2023, its users made and saved 700,000 passkeys. Currently, 334,000 1Password users are trying out passkeys; 79 percent are consumers and 21 percent are business customers.
1Password says it gets the biggest uptake in passkeys when large platforms add support. It saw roughly 71,378 new passkeys between October 16 and 22, 2023, at the same time Amazon and WhatsApp first announced support.
Google tells Forbes that passkey logins into its site take an average of 14.9 seconds compared to 30.4 seconds for passwords, and that it found a 4x higher login success rate for passkeys in comparison to passwords.
Passkey betas by Bitwarden, 1Password
Like Dashlane, password managers Bitwarden and 1Password have taken steps to implement a passkey login option for their users.
Bitwarden recently announced a beta implementation allowing users to log in to their vaults using passkeys as opposed to an email and master password. The new feature uses the PRF WebAuthn extension, which allows passkeys to be used in the encryption process.
Bitwarden is end-to-end encrypted, so it needs to authenticate users both to securely encrypt and decrypt data, which requires an encryption key, a string of random characters that must remain constant. For security purposes, the passkey login process uses a different value each time it is used to authenticate, and the passkey itself is never shared. This rules it out from being used as the encryption key.
The PRF extension derives a unique, fixed value from a passkey for a particular site. This allows Bitwarden users to use a passkey to authenticate to both encrypt and decrypt data.
Users are able to create up to five passkeys for logging in to the web app. PRF WebAuthn is currently supported by browsers based on Chromium, such as Google Chrome and Microsoft Edge, with more to come in the future.
To create a passkey for a Bitwarden account, users go to the security section under the account settings page. Then, they go to the master password tab, where they will be prompted to use the biometrics on their device or a PIN before they can start using the passkey.
1Password users can also now access their accounts using passkeys through their now public beta. After downloading the app, they can use a sign-up link to join the beta. Users then follow the prompts to input their device’s biometrics and passcode. Users can sign up to have an optional recovery code in the event they lose their device.
Article Topics
1Password | biometric authentication | Bitwarden | consumer adoption | Dashlane | passkeys | passwordless authentication
Comments