Soon Every Person on Earth Will Have At Least One Passkey

Traditional passwords, prone to theft and hacking, are now being overshadowed by the introduction of passkeys - a unique digital key connected directly to one's device. Rather than relying on memory-based passwords, a passkey uses built-in device features like biometric scans, such as Face ID, to authenticate a user's identity. Passkeys use a standard jointly developed and supported by the FIDO Alliance, consisting of Google, Apple and Microsoft.

1. Google's strategic move towards universal passkey adoption#

In the ongoing quest to enhance digital security, Google has actively been introducing passkeys across their platform. As of the last December, they've incorporated passkey functionality for Chrome users into Windows, macOS, and Android platforms. The reach extended when Google allowed over 9 million organizations to leverage passkeys for accessing Workspace and Google Cloud products. Notably, it is the first company to automatically create passkeys for its users: On World Password Day in May 2023, Google took a monumental step by unlocking passkeys for every Google account, automatically generating a passkey for every Android device linked to a Google account that cannot be deleted. This means that a substantial part of the world (the Android users) now has set up at least one passkey facilitating a secure login.

2. Apple's take on streamlined access with non-deletable passkeys#

Parallelly, Apple has been proactive in integrating passkeys into their ecosystem. The announcement made at WWDC 2023 introduced the passkey feature for iOS 17, iPadOS 17, and macOS Sonoma users. Crucially, for each device running iOS 17, a passkey is automatically generated - a feature that users cannot delete. This step shows Apple's commitment to enhancing security, as they transition users away from traditional passwords towards a more secure and streamlined access method across Apple platforms. This means that now the other part of the world (the iOS users) have at least one passkey starting from September. Users can now benefit from passwordless sign-ins on sites that support "Sign in with Apple."

3. How Google & Apple's market dominance accelerates passkey integration#

In 2023, the mobile market is overwhelmingly dominated by Android and Apple, constituting a combined 99% of users - 71% for Android and 28% for Apple. Given their massive market share, the automatic passkey implementations by these tech giants mean that nearly all smartphone users will soon be acquainted with this enhanced security measure.

1. Googles and Apple's passkey rollout will push social logins: By introducing passkeys in their own web services on google.com and apple.com, Google and Apple are fundamentally changing the primary authentication method. Third party social logins, which let users apply existing credentials from platforms like Google or Apple to log into third- party sites, will benefit the most from this change. Given the enormous financial and technical resources of Apple and Google, social logins will be getting a significant push from the current changes. Will this eliminate the need for app providers to independently take care of implementing a passkey login?

2. Websites and apps still need to provide their own login options: History teaches us a different story: In the realm of social logins, Google and Apple had previously faced hurdles in achieving widespread adoption of their login solutions. Despite the availability of advanced login methods, a significant number of websites and apps still offer to the traditional email and password login, for example. Consequently, there will be websites and apps that want to offer passkeys directly and not via Google or Apple account.

3. Tech giants set new industry standards with passkeys: However, the proactive initiatives by Google and Apple in the realm of passkeys can set new benchmarks. Their combined influence can be the driving force behind broader industry adoption of this technology. As users increasingly familiarize themselves with the ease and security of passkeys, the onus will be on other tech frontrunners to reevaluate and potentially revamp their security protocols. In this evolving digital landscape, staying updated with the latest security measures will be pivotal for any app providers aiming to provide users with both convenience and robust security.

4. To sum it up:#

In conclusion, passkeys offer an enhanced layer of security for online interactions. Soon, everyone will have at least one passkey, and its usage will become increasingly frequent. Users will not only get accustomed to it but will also request it from any app or service provider. This suggests that app providers themselves or with the help of passkey aggregators will need to offer secure, customized, and unified solutions for a better way to manage users login credentials, as big techs passkey social login solutions are not sufficient in practice.

Organizations that want to offer their employees or customers this state-of- the-art security can try out our passkey solution for free.

Frequently Asked Questions#

How did Google roll out passkeys to all its users without requiring any action from them?#

On World Password Day in May 2023, Google automatically generated a non-deletable passkey for every Android device linked to a Google account. Users did not need to opt in, and the passkey cannot be removed, meaning the entire Android user base gained at least one passkey automatically.

Why do app providers still need their own passkey login if Google and Apple already handle passkeys for their users?#

Despite Google and Apple offering social login solutions for years, a significant number of websites and apps still default to email and password authentication, showing that social logins alone do not drive universal adoption. This pattern suggests that app providers will need to offer passkeys directly, independent of Google or Apple account flows, to serve users who prefer not to authenticate via a third-party social login.

What is the difference between Google's and Apple's automatic passkey rollouts?#

Google's rollout happened on World Password Day in May 2023, automatically generating a non-deletable passkey for every Android device linked to a Google account. Apple's equivalent was announced at WWDC 2023 and began in September 2023, auto-generating a non-deletable passkey for each device running iOS 17, iPadOS 17 or macOS Sonoma.

How will Google and Apple's passkey adoption affect broader industry standards for authentication?#

Because Android and Apple together account for 99% of the mobile market, their automatic passkey rollouts will familiarize nearly all smartphone users with passkey-based authentication. As users grow accustomed to this experience, other technology providers and app developers will face increasing pressure to support passkeys natively or risk appearing outdated compared to these new benchmarks.