Why Password Managers Don't Solve the Password Problem
Password Managers' Limitations: Understand the challenges and why developers are turning to passkeys for enhanced security.
Robert
Created: December 22, 2022
Updated: March 25, 2026
+70-page Enterprise Passkey Whitepaper:
Learn how leaders get +80% passkey adoption. Trusted by Rakuten, Klarna & Oracle
- User adoption rates for password managers sit at around 20%, leaving the majority of users still relying on weak or reused passwords across accounts.
- Password managers remain vulnerable to phishing and malware attacks. A compromised database exposes all stored user credentials simultaneously, as the LastPass incident demonstrated.
- The passwordless shift threatens password managers' core business model, as more websites replace passwords with biometrics and one-time codes, reducing demand for credential vaults.
- Passkeys use public-key cryptography: a private key stays on the user's device and never leaves it, making them resistant to credential theft and cyberattacks.
- Unlike password managers, passkeys require no software installation on each device, removing a key friction point that contributes to the 20% adoption ceiling.
1. Introduction: The Password Problem#
One of the most common struggles people face in the digital age is managing their passwords. With the endless number of websites and online accounts that require a unique login, it becomes way more difficult to remember all the different passwords. A solution that has emerged to keep track of passwords in the online world are password managers.
2. Strategic Problems of Password Managers#
Password managers, such as Dashlane, LastPass, and 1Password, are tools that help people to create and manage unique passwords for their online accounts. These software and services offer a single and encrypted location where you can store all your login credentials. Having a digital vault remember your passwords may seem like a blessing, but there are multiple problems with passwords managers. Here are some of the major ones:
Subscribe to our Passkeys Substack for the latest news.
2.1 Problem 1: Low user adoption rates#
One major problem with password managers is that they require users to install the software on every device they use, add their credentials to the password manager, and ensure that everything is properly synced. This can be a cumbersome task for many people, leading to low user adoption rates of around 20%. This low adoption rate is a problem for companies that rely on password managers for authentication, as it means that many of their users are still using weak, easily guessable passwords or reusing the same password across multiple accounts.
2.2 Problem 2: Vulnerability to attacks#
Additionally, password managers are often targeted by hackers. The recent security incident at LastPass is just one example of this. While password managers do offer some protection against password-based attacks, they are still vulnerable to other types of attacks, such as phishing or malware. If a password manager's database is compromised, all the user's passwords are at risk of being exposed.
Become part of our Passkeys Community for updates & support.
2.3 Problem 3: Passwordless future#
The business model of password managers relies on people continuing to use passwords as the primary method of authentication for their online accounts. However, as online security continues to improve, the way we log in to websites and online accounts is also evolving. More and more websites and services are moving towards passwordless authentication methods, which eliminate the need for passwords. These methods use biometric data or other unique characteristics to verify a user's identity, such as one-time codes sent via text or email. As these technologies become more widespread, it's likely that we'll see even more websites and services adopting passwordless authentication in the future.
3. Passkeys as the solution#
Passkeys as the new authentication standard offer comprehensive solutions to the above-mentioned problems of password managers. Using biometric login like Face ID, Touch ID and Windows Hello, they create a simple and convenient solution that will boost adoption and never require a password again. Also, passkeys are the most secure authentication method since they rely on public- key cryptography, where a private key is stored on the users passkey device and a public key is stored on a dedicated server. Because the private key never leaves the passkey device it is highly secure and resistant to any cybercriminal. Lastly, passkeys are already prepared for a passwordless future as they rely on a technology that works completely without passwords, while also creating a promising business model.
The recent acquisition of Passage by 1Password shows that password managers are about to strengthen their passwordless capabilities in the passkeys area. Still, it is important to note that they require customers to install their software. This means that users must take the time to download and set up the password manager on all of their devices as well as requiring their users to remember a master password.
4. Recommendation#
Instead of relying the burden of going passwordless to the users and requiring them to install additional software, SaaS and e-commerce companies should take responsibility for implementing passwordless authentication. By offering passkeys as a central authentication method, companies can simplify the login process for their users and increase security by eliminating the need for passwords.
At Corbado, we are working on passwordless and passkey-centered authentication solutions that prioritize user experience. Our solution is designed to be easy to integrate and convenient for the user, while also providing strong security against cyber threats.
Frequently Asked Questions#
What happened with LastPass that shows password managers aren't fully secure?#
LastPass experienced a security incident that illustrates a fundamental risk of password managers: when their database is compromised, all stored user credentials are exposed at once. This single point of failure means a breach affects every account a user has stored, regardless of how strong those individual passwords are.
Should SaaS or e-commerce companies rely on password managers to make their users go passwordless?#
According to the article, SaaS and e-commerce companies should take direct responsibility for implementing passwordless authentication rather than shifting that burden to users. Offering passkeys as a central authentication method simplifies login and improves security without requiring users to install third-party software or remember a master password.
What is 1Password doing in the passkeys space and does it fully solve the problem?#
1Password acquired Passage to strengthen its passwordless and passkeys capabilities. However, the article notes that password managers still require users to install their software on all devices and remember a master password, which limits how seamless a truly passwordless experience can be.
How do passkeys protect against phishing when password managers cannot?#
Passkeys use public-key cryptography where the private key is stored on the user's device and never transmitted to a server, making credential interception impossible. Password managers, by contrast, remain vulnerable to phishing and malware even when encrypting stored passwords, because they still rely on the user entering retrievable credentials.
Share this article
Related Articles
Table of Contents