10 million passkeys registered for Mercari market app amid phishing crisis

Mercari, the Japanese e-commerce company behind the Mercari marketplace, has surpassed 10 million registered users of passkeys for authentication.

A release notes an alarming escalation of phishing scams in Japan, “with the number of unauthorized access cases increasing from 43 in February 2025 to 1,422 in March the following month, and 1,847 as of the 16th of April.” The spike has led the Financial Services Agency to issue a formal warning.

It comes in addition to the government’s “Comprehensive Measures to Protect the Public from Fraud,” which launched an initiative to promote passkeys in June 2024.

Mercari, however, was passkey-savvy before that; it introduced passkey support for passwordless authentication of the cryptocurrency service Mercain in April 2023. Passkeys were added to the Mercari market app in January 2024, and became the default authentication method for users with registered passkeys in September of that year.

Japanese companies have been enthusiastic in their adoption of passkeys, with Nikkei, Nulab and Tokyu Corporation among firms embracing passwordless authentication technology.

Are passkeys the answer? It depends

In a talk from the KuppingerCole 2025 European Identity and Cloud (EIC) conference, Marc Bütikofer, head of innovation for Ergon Informatik AG brand Airlock, digs into passkey myths, facts and adoption.

Bütikofer summarizes FIDO passkeys and aims to bust some myths around biometric passwordless authentication. His talk mostly focuses on passkeys for browsers, rather than apps. He argues that reasons for adopting passkeys go beyond phishing resistance; somewhat surprisingly given passkeys’ nagging reputation for being inscrutable, he cites UX among passkeys advantages.

“You can reduce costs,” he says. “They’re broadly supported today. And passkeys are still getting better.”

“So, I ask myself, why is the adoption not faster?”

To answer the question, Bütikofer interrogates some of the things people tell him about what’s stopping them from switching to passkeys. Namely, that synced passkeys leveraging the cloud are not secure, that they don’t provide strong customer authentication, that banks can’t use them, and

To the first assertion, he says, it’s not black and white. “You have to weigh pros and cons, you have to look at your use cases. You have to look at how well the cloud sync is implemented. You can’t say they’re insecure, but probably they’re not secure enough for some use cases.”

That same complexity leads Bütikofer to similar conclusions on all of his passkey questions: it really depends. He concludes with a brief high-level checklist for those considering passkeys. Do passkeys fit your use cases? What are your compliance requirements? Device-bound or synced? What’s your migration plan?

And, before you decide, he says, “definitely talk to the experts.”

Data stored in synthetic molecule a step toward data in everyday materials

Although biometric passkey adoption is on the uptick, some people might never get on board with passkeys. They can instead explore the option of logging in with a secret message encoded in a molecule.

Writing in the Cell Press journal Chem, researchers have revealed an “alternative method to encode information in synthetic molecules, which they used to encode and then decode an 11-character password to unlock a computer.”

“Molecules can store information for very long periods without needing power,” says author and electrical engineer Praveen Pasupathy of the University of Texas at Austin. “Nature has given us the proof of principle that this works. This is the first attempt to write information in a building block of a plastic that can then be read back using electrical signals, which takes us a step closer to storing information in an everyday material.”

Studies have shown that DNA and synthetic polymers can be designed to effectively store information. But decoding is expensive and resource intensive.

To make better molecular messages, the research team designed “molecules that contain electrochemical information,” and since “certain chain-like polymers can be broken down one building block at a time from the end of the chain,” the step-by-step degradation results in electrical signals that can then be decoded.

“Our approach has the potential to be scaled down to smaller, more economical devices compared to traditional spectrometry-based systems,” says senior author and chemist Eric Anslyn, also of the University of Texas at Austin. “It opens exciting prospects for interfacing chemical encoding with modern electronic systems and devices.”

Article Topics

biometric authentication  |  biometrics  |  consumer adoption  |  EIC 2025  |  FIDO2  |  KuppingerCole  |  passkeys  |  passwordless authentication  |  passwords