Introduction
The transition from traditional password-based systems to passwordless authentication through passkeys marks a significant advancement in digital security. This shift is driven by the need to enhance security measures and improve user experience, as organizations increasingly adopt the FIDO (Fast Identity Online) authentication framework.
Description
Over 15 billion online accounts now utilize passwordless authentication through passkeys [1], marking a significant shift in digital security as organizations move away from vulnerable password-based systems [1]. The FIDO (Fast Identity Online) authentication framework [6], established in 2012 [5], comprises a set of open standards designed to reduce reliance on passwords. It employs cryptographic keys known as passkeys that are securely stored on a user’s device, such as a smartphone [6]. This method allows users to log in using biometric recognition [6], fingerprint scanning [6], or a PIN [6], significantly reducing the risks associated with credential theft and account hijacking [6].
Research by the FIDO Alliance indicates that 35% of individuals experienced at least one online account compromise due to weak or stolen passwords in the past year. This alarming statistic underscores the urgency for adopting passkeys as a secure alternative to traditional usernames and passwords for account authentication. Approximately 48% of the top 100 websites globally have integrated passkey support [3], reflecting a commitment to enhancing security and user experience while aiming to reduce account takeovers.
Among respondents, 74% are aware of passkey technology [3], with 69% enabling passkeys on one or more accounts [3]. Notably, 38% of passkey users apply them to all accounts that support the feature [5]. Of those familiar with passkeys, 54% find them more convenient than traditional passwords, while 53% believe they provide better security [3]. Additionally, 47% of respondents have abandoned online purchases due to forgotten passwords [3], highlighting the impact of password vulnerabilities on consumer behavior.
FIDO authentication eliminates the need for one-time passcodes (OTPs) [6], which can be intercepted [6], and ensures that passkeys are protected on the user’s device without exposure to external systems [6]. The private key remains on the user’s device [6], minimizing the risk of security breaches through database hacks or intercepted communications [6]. The public key stored with the service provider does not contain sensitive information [6], making it less valuable to hackers [6].
Andrew Shikiar [5], CEO of the FIDO Alliance [5], emphasizes the need for organizations to transition away from legacy authentication methods to prevent data breaches and account takeovers [5]. Google has emerged as a leader in implementing passkey protection, enhancing security for Gmail accounts [5]. The Advanced Protection Program [5], which previously required a hardware security key [5], now allows the use of passkeys [5], making it more accessible [5]. Shuvo Chatterjee from Google noted that passkeys are resistant to phishing [5], providing robust protection against unauthorized access [5]. To sign into a Google account [5], users must have their passkey [5], which requires access to the enrolled device and biometric or PIN verification [5], effectively preventing hackers from compromising accounts even if they possess the username and password [5].
The FIDO Alliance has also launched the Passkey Pledge [7], which has garnered commitments from over 100 organizations to promote the adoption of passkeys [7]. This initiative further emphasizes the need for organizations to transition away from outdated password-based authentication methods, which have contributed to numerous data breaches and user dissatisfaction [4]. By making it more difficult for unauthorized users to hijack accounts [6], FIDO enhances the security of sensitive data and supports multifactor authentication (MFA), requiring users to present multiple factors to access accounts [6]. FIDO is compatible with major web browsers [6], platforms [6], servers [6], applications [6], and devices [6], providing a robust authentication mechanism for organizations and online services while being user-friendly [6], as it eliminates the need for users to remember or regularly change passwords [6]. Microsoft has also implemented passkeys for consumer accounts [2], highlighting their improved security features and further promoting the shift from passwords to passkeys for more secure authentication methods.
Conclusion
The adoption of passkeys represents a pivotal moment in the evolution of digital security, offering a more secure and user-friendly alternative to traditional passwords. By mitigating the risks associated with credential theft and account hijacking [6], passkeys enhance the protection of sensitive data. As more organizations and platforms embrace this technology, the future of online authentication will likely see a continued decline in password reliance, leading to a safer digital environment for users worldwide.
References
[1] https://cybersecuritynews.com/passwordless-access-to-microsoft-account/
[2] https://www.hendryadrian.com/third-of-online-users-hit-by-account-hacks-due-to-weak-passwords/
[3] https://www.infosecurity-magazine.com/news/third-online-users-hacks-passwords/
[4] https://betanews.com/2025/05/01/research-confirms-consumers-are-turning-to-passkeys-to-protect-their-accounts/
[5] https://www.forbes.com/sites/daveywinder/2025/05/03/gmail-password-hack-attacks—google-gives-users-1-week-to-act/
[6] https://www.ibm.com/think/topics/fido
[7] https://fidoalliance.org/fido-alliance-champions-widespread-passkey-adoption-and-a-passwordless-future-on-world-passkey-day-2025/
