Passkeys
Frank W. Abagnale
In May of this year, we saw a major announcement by the FIDO Alliance standards-body along with the platform vendors Apple, Microsoft, and Google pledging to support passkeys in the coming months.
- Passkeys are much easier to use than usernames and passwords – they aren’t typed or remembered and can be easily recovered, thereby eliminating much of the password reset frustrations and cost overheads
- Passkeys are cross-device FIDO credentials that get automatically synced by the platform vendor across a user’s devices (for example with Apple iCloud and KeyChain), meaning once a user has created a passkey, it’s available on all their devices.
The reason this is such a monumental point in history, is because we’re now on the precipice of mainstream adoption of passkeys. How so?
- Most laptops, desktops and smartphones today are passkey-ready and have the requisite hardware and software such as a biometric reader, secure enclave and compliant OS and browser. Around the world, there are now over four billion such compatible devices in use today.
- And in terms of the platform vendors: Apple has passkey support today in iOS 16 and macOS Ventura. Google will support passkeys in the next couple of months, and Microsoft will be in early 2023.
For over 10 years I have been talking about the shortfalls of passwords and why this legacy technology from the 1960’s needs to be replaced with new modern passwordless technologies that can mitigate the common attack vectors like phishing and credential-based attacks. With passkeys, digital businesses can finally move their customers off of passwords - to give them not only much more secure access to their accounts, but also with a user experience they’re all very familiar with, using things like Face ID and Touch ID.
So, any digital business should be racing to figure out their passkey strategy right now so they can make them available to their customers as soon as possible to achieve a competitive advantage.
Now, from what I’ve seen, most companies tend to underestimate the level of effort and expertise required to passkey-enable their sites and services – especially when it comes to user journeys and experiences which require well thought-out and researched flows to educate users and make it frictionless for them to create and use their passkeys.
- This here is an example of a build vs buy equation. The biggest companies tend to use their deep pockets and resources to go off and build it themselves over the course of 12-18 months. But for everyone else, the “buy” option is much more compelling as they can get passkeys to market much, much quicker, and without expending any development resources. So, my recommendation is to take a look at those companies as a viable solution right off the bat.
Note: Frank W. Abagnale was the original advisor to Trusona, who pioneered the passwordless space. Today, companies can adopt this technology also known as Passkeys.
See link for Apple demonstration for Passkeys: https://developer.apple.com/videos/play/wwdc2022/10092/