Passkey Analysis: Bitwarden Developer Survey 2024

Introduction

Bitwarden, the renowned password manager, just unveiled their Developer Survey for 2024, diving deep into developer secrets, security, and notably, passkeys. Over 600 developers shared their insights, providing a snapshot of the current mindset in the tech industry. In this article, we're going to analyze the findings on the passkeys section, offering clarity to developers and product managers.

Key findings:

1. Favorable Stance on Passkeys: An overwhelming 88% of developers view passkeys and passwordless features positively.
2. Widespread Passkey Usage: A significant 68% of developers utilize passkeys for work apps, while 60% have used them for personal apps.
3. Password's Future in Question: Despite the rising momentum of FIDO2 and passkeys, only 36% believe they'll completely replace passwords.

Digging into Passkeys Usage

Even though passkeys, in their current iteration, have been around for just a year, their adoption rate is impressive. Tech giants' efforts (e.g. Amazon, OnlyFans, Uber), coupled with the FIDO alliance's initiatives, have effectively educated the developer community - only a mere 3% remain unaware of passkeys. As companies continue endorsing passkeys and enhance the user experience, we except a sharp rise, especially in mobile app access.

The Landscape of Passkey Implementation

Source: Bitwarden Developer Survey 2024

Our mission at Corbado revolves around simplifying passkey integration for developers. Interestingly are Bitwardens findings regarding passkey implementation:

• 83% of developers are actively integrating passkey features.
• 41% have announced future implementation plans. Observations indicate that apps with existing bases usually monitor new tech adoption (here passkeys) before transitioning.
• 37% remain on the fence, which is expected. As passkeys are a paradigm shift in authentication, some inertia is natural. Many companies today just have the mindset of never change a running system. But the combined benefits for security and convenience will likely compel many to eventually make the leap. Moreover, sooner or later customers will demand passkeys, once they experience the benefits in other services.

What happens to Passwords?

Source: Bitwarden Developer Survey 2024

Though 36% of developers predict passkeys will take passwords dominant position, we're currently in a hybrid phase where both authentication methods coexist. Established platforms with existing user bases may employ multiple authentication methods temporarily, but new apps and websites have the chance and are likely to go 100% passwordless from the beginning.

Challenges in Passkey Implementation

Source: Bitwarden Developer Survey 2024

• System Compatibility (25%): Aligning with existing systems remains the top challenge, a concern Corbado Connect directly addresses.
• Updating Legacy Systems (23%): This is closely related to the first concern, as updating an existing system is definitely a challenge. Corbado Connect offers a seamless transition from password-reliant apps and websites to passkeys.
• Security Concerns (20%): New tech often comes with questions for new developers and product managers. This holds for passkeys as well if you are not familiar with them. Although inherently secure, incorrect passkey implementation can introduce vulnerabilities.
• User Education (17%): Changing user behavior is always tricky. User have known how to use passwords for decades and now a new method is introduced. We bank on major tech players to facilitate this transition by educating the users and overtime user will understand the usage.
• Cost Implications (15%): The costs linked to implementing passkeys, especially for established companies with existing apps, can be daunting. Opting for ready-made solutions like Corbado can be both cost-effective and risk-mitigating.

The Role of Passkey API Providers

Source: Bitwarden Developer Survey 2024

Most developers (77%) are open to leveraging an API provider for passkey authentication, affirming Corbado's role in the ecosystem, as it saves a lot of the challenges above. While 19% prefer a self-hosted solution, a tiny 4% would decline the usage of an external providers and instead rely on in-house expertise. The latter group probably has the internal engineering resources and know-how to do it on their own.

Additional Insights

• Enhancing 2FA: With 41% of developers prioritizing 2FA enhancement, passkeys - by default 2FA - become an attractive option.
• Passwordless Potential: 36% acknowledge the vast improvements in UX passwordless solutions can deliver without compromising security.

Parting Thoughts

Developers and product managers inherently lean towards innovation, especially when it enhances both security and user experience. However, they're also discerning and quick to pinpoint flaws. As passkeys continue evolving, their adoption and implementation will undoubtedly shape the future of online authentication.

For those keen on understanding more about passkeys and simplifying their implementation journey, Corbado stands as your trusted partner. Feel free to join our passkeys community to stay up to date in the world of passkeys or try passkeys yourself for free.