FIDO Alliance talks passkeys in the public sector with Biometric Update
Passkeys are swiftly gaining popularity with more organizations and governments embracing the passwordless authentication method. Behind the creation of passkey standards is the FIDO Alliance which spoke about their proliferation in the public sector and the fight against threats such as generative AI at a recent Biometric Update webinar moderated by contributing editor Joel R. McConvey.
The FIDO Alliance has made it its goal to create open and free authentication standards to help reduce the world’s reliance on passwords. To achieve this, the industry association needed a scalable solution that is phishing-resistant and meets the requirements for multi-factor authentication. The game changer, however, was the user experience – an easier way to sign in, says Megan Shamas, FIDO Alliance chief marketing officer.
“We have 30 to 40 UX experts from major companies all over the globe that are working on this, but we also do research with real consumers, real citizens around these experiences and what resonates and what doesn’t,” she says.
Today, government agencies are actively promoting passkeys while the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) and other regulatory bodies are starting to introduce guidance for the technology. NIST’s entry into passkeys was prompted by questions from government agencies on their safety, says Jeremy Grant, managing director of technology and business strategy at Venable LLP law firm.
“For something that was only really launched in earnest as a name about two years ago, it’s been a really rapid adoption and recognition,” says Grant, who has been serving as an advisor to governments across the globe.
One example is the U.S. State of Michigan government services portal MiLogin which supports access to more than 360 applications and services spread across 18 different agencies. Since the introduction of passkeys, the platform has been averaging about 18,000 new enrollments a month while login abandonment has dropped by 73 percent over the last year.
“[This is] an amazing number when you think about it, and I think we’ve seen this with a lot of private sector partners as well,” he says.
Governments are looking into passkeys because of increasingly sophisticated and successful phishing attacks helped by social engineering.
“It’s no longer an email from the prince in Nigeria, these are very well honed in on attacks,” says FIDO Alliance’s Shamas. “What passkeys do is take the burden off of the user to have to identify those sorts of attacks, because path keys simply cannot be given away to a nefarious person.”
The development of passkeys is also boosted by the embrace of companies such as Mastercard, Apple, Google, Microsoft and X.
“Generative AI can spoof a lot of biometrics but it cannot spoof public key cryptography”, says Grant. “Whether it’s passkeys or other solutions that are rooted in public key cryptography, I think it’s going to become more important in the years to come as a deterministic factor: Are you actually in possession of a key to prove you’re a human or a particular human.”
The FIDO Alliance released a white paper this week describing the benefits of the passkeys and how organizations could embrace them to improve their security. The technology, however, also comes with drawbacks, including passkeys being tied to devices or supporting only certain devices and operating systems, a fragmented vendor ecosystem and outdated enterprise security policies. Most importantly, passkeys can still be hacked, market intelligence firm IDC highlights in a recent report.
Still, Grant believes that by the end of 2026, passkeys will become the predominant way people will authenticate themselves while signing up for new accounts online or accessing public-facing services in both government and industry.
Watch the webinar replay on-demand.
Passkeys in the public sector: in-depth with the FIDO Alliance
Article Topics
biometric authentication | biometrics | FIDO Alliance | NIST | passkeys | passwordless authentication | webinar
Comments