Passkeys mature to occupy critical role in authentication for digital ID systems

The passkey tipping point may be fast approaching. As the anointed successor to passwords, passkeys are seeing increased support from huge global companies, improved data analysis and better resources. And, significantly from an industry standpoint, the FIDO Alliance appears to be on the verge of reorienting its priorities to encompass more work on account recovery and digital credentials – a sure sign that, even if passkeys do not deliver the fatal blow to passwords many have predicted, they are established enough for their primary defender to declare a kind of victory in its primary mission.

WhatsApp adds passkey encryption for backed-up chats; MS calls passkeys the future

WhatsApp has just announced support for passkey-encrypted backups, according to a recent blog post, which says passkeys will allow people to use fingerprints, face biometrics or screen lock codes to encrypt chat backups: “now, with just a tap or a glance, the same security that protects your personal chats and calls on WhatsApp is applied to your chat backups so they are always safe, accessible and private.”

Microsoft has announced that passkeys can now be securely saved and synced across Windows desktop devices using Microsoft Password Manager in Edge. In a blog that calls passkeys “the smart choice for protecting your online accounts,” Microsoft says its passkeys are stored securely in the cloud in an encrypted format and are additionally protected by a Microsoft Password Manager PIN. “Passkeys,” it declares, “are becoming the future of online security.”

Shift from identification to authorization long overdue

A recent piece in Forbes argues in favor of passkeys as a critical part of the robust authentication needed for digital identity systems. It calls out the FIDO Alliance’s collaboration with Liminal on the Passkey Index, which aims to provide a benchmark against which to measure the ongoing impact of passkeys. (FIDO Alliance CEO, Andrew Shikiar, appears on this Friday’s Biometric Update Podcast to discuss the index.)

“Drawing on data from major service providers ranging from Amazon and Google to TikTok and Target, the Index shows that 93 percent of user accounts across participating companies are now eligible for passkey sign-ins,” the piece says. “Of those, around a third have enrolled a passkey, and a quarter of all sign-ins are currently completed using passkeys.”

The author goes on to address the larger need for general-purpose standardized solutions in the form of digital credentials. The ability to present credentials rather than personally identifiable information “means that we can shift most transactions away from identification and on to authorization, a long overdue change in the fundamentals of online transactions.”

While the piece expresses skepticism about “maximal self-sovereign identity (SSI),” arguing that it may be too much for many people to manage, it endorses “some form of custodial SSI where the identities are managed by regulated institutions on behalf of customers.”

“Apart from anything else, if I accidentally leave my iPhone on top of my car and then reverse over it after it falls into the road, I’d like to be able to get my identity back from the safe keeping of my bank rather than have to go around rebuilding it piece by piece.”

Here again is the function of account recovery, which has drawn the FIDO Alliance’s specific attention.

Dashlane, another member of the Alliance, recently published its own passkey resource, the Passkey Power 20 – a ranking of the top firms driving adoption. To hear more about the ongoing passkey revolution, check out the Biometric Update Podcast’s recent interview with Rew Islam, Dashlane’s director of product engineering and innovation.

Article Topics

biometrics  |  FIDO Alliance  |  FIDO2  |  Microsoft  |  passkeys  |  passwordless authentication  |  WhatsApp