This article is a recap of Authenticate 2023, the leading conference for authentication and passkeys. Besides trends, KPIs from passkey rollouts are presented.
Vincent
Created: November 2, 2023
Updated: June 3, 2024
The Authenticate conference is the core conference when it comes to authentication and identity, guiding developers and industry experts through the murky waters of user authentication. In the following, we provide a summary of the key talks around passkeys.
Andrew Shikiar from the FIDO Alliance provided insights into FIDOs work on passkeys. With over 60,000 hours poured into honing FIDO's technical specifications, passkeys are poised to redefine digital access. Shikiar's message to developers was unequivocal: the groundwork has been laid, and it's time for passkey implementation to take center stage.
FIDO Alliance: 60,000 hours of work for FIDO technical specifications
For product managers, this advancement signals a transformative shift in user experience. With the world's digital populace ready and capable of embracing passkeys, the focus pivots to education and adoption, particularly in sensitive, regulated industries.
Derek Hanson from Yubico shed light on an inspiring case where the adoption of FIDO and passkeys not only bolstered security but also yielded economic benefits, exemplified by reduced cyber insurance premiums. Such narratives are critical for product managers weighing the financial implications of integrating passkey systems.
Pamela Dingle's revelation of the fourfold increase in password attacks at Microsoft underscores the urgency of adopting passkeys. Microsoft's integration of passkeys into Windows 11, facilitating cross-device synchronization in the future, offers the chance for wide-spread adoption of passkeys, especially on desktop devices.
In practice, Windows Hello, first unveiled in 2010, was a milestone in Microsoft's path to passwordless, culminating in the deep integration of passkeys in the latest Windows 11 22H2 version. The takeaway for developers and organizations is crystal-clear: integrating passkeys across digital platforms is essential for widespread user adoption and comfort. Microsoft's narrative wasn't just a story of innovation; it was a call to action.
Microsoft: 4,000 password attacks a second in 2023
Google's call for a #passkeysweek (which took place last week) and their commitment to ramp up passkey enablement signals a pivotal shift towards passwordless authentication. For developers, this initiative presents a wealth of resources and case studies, like KAYAK's 50% reduction in sign-in time, highlighting the tangible benefits of passkey integration.
KAYAK: 50% reduction in sign-in time
Google's Mitch Galavan and Court Morgan reveal their focus on optimizing usability. Their mission? To embed simplicity at the core of the passkey experience. Their efforts resonate well with users, with test results indicating a preference for passkeys over traditional sign-in methods, and a striking 76% willing to use them repeatedly.
Google: 76% of users are likely to use passkeys again
GitHub's experience with passkeys, catalyzing the swift rollout of 2FA for all users, is a testament to the potential of passkeys when aligned with FIDO guidelines. The developer community can take cues from GitHub's approach, recognizing that thoughtful user interface design is instrumental in driving passkey adoption.
GitHub: 100,000 passkey users 3 weeks after general rollout
Rolf Lindemann's insights into passkeys in regulated industries remind us that while passkeys bring unparalleled ease and security, they also invite new challenges, particularly around device management. Developers working within regulated markets must navigate these complexities with innovation and adherence to regulatory requirements.
Hans Reichenbach of Oktas candid session on the hurdles of passkey deployment serves as a crucial guide for developers. The intricacies of domain-specific registration and the nuances of revocation demand a meticulous approach to passkey implementation. Developers must stay ahead of these potential pitfalls to ensure a smooth transition to passkey-based systems.
Anna Pobletts of 1Password underscores the integral part credential managers play in advancing the user experience. By assimilating passkey support, 1Password observed a remarkable uptake, with over 150,000 users creating upwards of 300,000 passkeys. Its a powerful testament to how seamless integration can foster adoption among users who seek the comfort of familiar interfaces within their browsers.
1Password: in first month, 150,000 users with 300,000 created passkeys
Amazon's Mike Slaugh humorously brings to light the complexities that accompany scaling authentication systems, citing the need for simplification to handle the increasing variety of authentication methods and scenarios - even considering hermits in caves! Simplifying complex systems and offering a spectrum of authentication choices is pivotal for achieving scalability and enhancing user throughput.
Air New Zealand's Anthony Kemp illuminates how leveraging FIDO and passkeys not only elevated the user experience but also translated to tangible financial benefits through a reduction in account recovery requests and bolstering sales by minimizing user drop-off during authentication.
FOX Corporation, via Dean Perrine, touts the virtues of FIDO authentication in mitigating risk. With over 12,000 users to protect, FOX's journey to deploy YubiKeys showcased the demand for robust, secure authentication.
Avhinav Lele from Shopify shares his own narratives challenging the status quo of SMS-based authentication, illuminating the diverse approaches and inherent challenges in the pursuit of secure user authentication with passkeys.
The U.S. Government, through voices from NIST and GSA, gives us a glimpse into the concerted efforts towards FIDO adoption. Ryan Galluzzo teases upcoming guidance on synced passkeys, while Kenneth Myers highlights the successful pilot implementations across numerous agencies.
The payment industry experts discuss the persistent challenge of fraud. While strong authentication methods like those provided by FIDO are seen as vital to the ecosystem, there's a shared recognition that consumer education is essential to balance security and convenience in transactions.
Rew Islam from Dashlane articulated a potent synergy the role of password managers in a world pivoting towards passkeys. With passkeys, developers have a unique opportunity to refine authentication processes via mobile native app support and tailored user interfaces. Dashlane's integration of passkeys through browser extensions and mobile OS APIs is a blueprint for developers to enrich their platforms' security and user convenience.
Intuit's foray into FIDO authentication reaped tangible financial rewards, a detail shared by Rakan Khalid. The compelling increase from 80% to 97-98% in authentication success rates on mobile apps is more than just a statistic; it's a clarion call for product managers examining the impact of passkey implementation on user experience and revenue.
Intuit: Authentication success rate of 97-98% with passkeys compared to 80% previously
Tony MacDonell from Synacor spotlighted an oft-overlooked avenue connected TVs. The ongoing development of passkey implementation for these platforms is set to revolutionize the user experience, eliminating the cumbersome process of text entry and accelerating the authentication process. This innovation could be a game-changer for product managers focusing on user retention and ease of use.
TikTok's adoption of passkeys, as shared by Daniel Grube, is a testament to their efficacy. A staggering 97% login success rate is not just impressive; it's a benchmark. TikTok's internal use of FIDO strong authentication has amplified its security and, simultaneously, resulted in cost savings. For software developers, this is an empirical case study demonstrating passkeys' value proposition.
TikTok: 97% login success rate for passkeys
The conference was also a platform for unveiling research the FIDO Alliance's 2023 Online Authentication Barometer and the FIDO and LastPass 2023 Workforce Authentication report. These reports indicate a gradual but sure shift toward passwordless authentication. They serve as an analytical bedrock for product managers and developers looking to harness passkey technology for a competitive edge.
Executives from Skechers, Expedia, and Target shared their experiences during panel discussions, underscoring the business enablement potential of passkeys. The unanimous message was clear: the ecosystem is ripe for passwordless solutions, and the time for adoption is now. This presents a fertile ground for developers to innovate and for product managers to strategize user experience design.
In conclusion, the Authenticate 2023 conference has offered us a compelling vista of the future - a future where passkeys form the base of digital security and user convenience. Developers and product managers are going into the passkey-era, with the mandate to infuse security seamlessly into user experiences. The dialogue from industry visionaries and the practical demonstrations of passkey integrations have served as a call for professionals to adopt, innovate, and lead.
With projections pointing to a significant surge in passkey adoption by 2024, the takeaways from the conference make it abundantly clear: passkeys are not just a fleeting trend, but a fundamental shift in authentication practices. From 1Password's user-friendly credential management to Air New Zealand and Shopify's enhancements in customer interactions, the multi-industry embrace of passkeys underscores their universal appeal and effectiveness.
We at Corbado invite you to join this passkey revolution, a journey that promises to redefine the standards of digital authentication. Together, let's forge ahead, armed with the knowledge and best practices shared, to make passkey-based authentication the norm for a safer Internet for everyone.
Table of Contents
Enjoyed this read?
🤝 Join our Passkeys Community
Share passkeys implementation tips and get support to free the world from passwords.
🚀 Subscribe to Substack
Get the latest news, strategies, and insights about passkeys sent straight to your inbox.
We provide UI components, SDKs and guides to help you add passkeys to your app in <1 hour
Start for free
Recent Articles
WebAuthn Conditional UI (Passkeys Autofill) Technical Explanation
Vincent - October 20, 2023
WebAuthn Resident Key: Discoverable Credentials as Passkeys
Vincent - September 28, 2023