Passkey
passˌkee noun
A passkey is a FIDO authentication credential based on FIDO standards, that allows a user to sign in to apps and websites with the same process that they use to unlock their device (biometrics, PIN, or pattern). Passkeys are FIDO cryptographic credentials that are tied to a user’s account on a website or application. With passkeys, users no longer need to enter usernames and passwords or additional factors. Instead, a user approves a sign-in with the same process they use to unlock their device (for example, biometrics, PIN, pattern).
The word passkey is a common noun; think of it the way you would refer to password. It should be written in lowercase except when beginning a sentence or used in a title. The term passkey (and plural form passkeys) is a cross-platform general-use term, not a feature tied to any specific platform.
Created for Security
According to Verizon’s 2024 Data Breach Investigations Report, the overall reporting rate of phishing has been growing over the past few years. Credential breaches and exploitation of vulnerabilities are also growing security concerns.
Passkeys are phishing resistant and secure by design. They inherently help reduce attacks from cybercriminals such as phishing, credential stuffing, and other remote attacks. With passkeys there are no passwords to steal and there is no sign-in data that can be used to perpetuate attacks.
The passkey approach provides an improved security model over traditional authentication and multi-factor authentication. Even better, passkeys are also easier for people to use and result in 20% more successful sign-ins over passwords. For more information, refer to Passkey Security.
Easy and Fast Sign-ins
FIDO authentication is easy to use. People and organizations are rapidly adopting passkeys. In a recent independent survey commissioned by the FIDO Alliance, 53% of people reported enabling passkeys on at least one of their accounts, with 22% enabling them on every account they possibly can.
Benefits of Passkeys
Organizations who implement support for passkeys see the following benefits as passkey use increases:
Improvements for the end user experience
- Higher sign-in success rates
- Faster time to sign in
- Safer, more secure, and faster online experiences
- Cross-device and ecosystem availability
Business improvements
- Higher sign-in success rate, higher conversions, repeat purchases, and less downtime
- Reductions in phishing, credential stuffing, and attack surface
- Lower rate of cart abandonment
- Reduction in need for password resets during account recovery
- Decrease in need for customer support
- Increase in customer loyalty and retention
Lower costs associated with:
- service costs for authentication methods such as SMS text messages
- monitoring and defending malicious actors in real-time
- continuous hardening of traditional authentication solutions
- account reset due to forgot password and account lockout
From these examples, you can see that passkeys benefit both your organization and your end users.
You can view the latest user adoption trends https://fidoalliance.org/content/research/
Get Started with Passkeys
FIDO offers multiple resources related to passkeys. Here are some places to start as you explore passkeys and to help when you’re ready to implement support for passkeys.
- Passkey Central – A public resource for stakeholders seeking to learn more about how to use passkeys.
- Use Cases – Reference to learn about the various passkey use cases.
- Design Guidelines – Design Guidelines that center around design patterns for consumer use cases of passkeys.
- Case Studies and Directory – Learn how businesses and organizations have leveraged FIDO standards to create password-less authentication to provide secure logins for their employees and clients.
- Get the Passkey Icon – The passkey icon indicates to users that they can securely and easily sign in to their website or app without passwords.
