Passkeys now pervasive but passwords persist in enterprise authentication

Passkeys are here; now about those passwords. Specifically, passkeys are now prevalent in the enterprise, the FIDO Alliance says, with more than 5 billion in global use between consumer and workforce environments.

FIDO has achieved near-universal awareness of passkeys, with 90 percent of consumers saying they are familiar with the phishing-protecting credentials. Three quarters of people have enabled passkeys on at least some accounts to replace password authentication with biometrics or device-tied factors.

Passkeys are now mainstream for workforce uses cases too, according to “The State of Passkeys 2026: Global Consumer and Workforce Report,” with just over two-thirds of organizations deploying or piloting them for employee authentication.

The task now is to get rid of passwords, which are still “widely used in parallel.” User behavior is the big barrier, according to a survey of 1,400 corporate IT decision-makers and 500 employees. More than half say the barrier is minor, and handled with training.

Deployments of passkeys are maturing, however, with roughly half of organizations using a mix of device-bound and synced passkeys.

Synced passkeys are convenient but capped at NIST Authentication Assurance Level 2 (AAL2), Corbado points out in a blog post this week, because they can be exported from the cloud. Hardware-bound passkeys can reach AAL3.

Apple and Google are using their 99 percent share in the mobile market to push consumers towards synced passkeys, Corbado argues, and this is part of the reason consumer activation of hardware-bound passkeys in banking sits below 5 percent.

The post looks at the relative position of secure element suppliers like Idemia, Thales and Infineon, security key manufacturers like Yubico and OneSpan, and smart card players like Idex Biometrics.

Metal or biometric smart cards cost anywhere from $5 to $15, and adding FIDO2 capabilities increases cost by $2 to $5, Corbado estimates.

The extensive post makes the case for adoption engineering as the way to encourage consumers to adopt the more secure version of passkey authentication.

Better outcomes, more use

Among organizations that have begun rolling out passkeys, nearly half say their security confidence and posture has improved. Forty-five percent say employee logins are faster and 43 percent say employees are more satisfied with their IT system. Helpdesk tickets for password resets were also down for more than a third, and phishing-related incidents were reduced for 32 percent.

On the consumer side, most of those who have enabled passkeys have done so for most of their apps or accounts. The result is that amongst all consumers, 49 percent say they are using passkeys “whenever possible” or “most of the time.”

Some variance is seen in the survey between regions, but generally reflect the same trends in passkey adoption and use happening globally.

The FIDO Alliance has also added extending its ecosystem to AI agents to its agenda with a series of recent moves.

Article Topics

biometric authentication  |  biometric security key  |  biometrics  |  Corbado  |  cybersecurity  |  FIDO Alliance  |  passkeys  |  passwordless authentication