Passkeys and passwordless authentication: Trends, challenges, and how to get started

Think about the last time you forgot a password. Maybe you were trying to pay a bill, book a flight, or check your account balance. Instead of a quick login, you were stuck resetting your password, waiting for a code, and juggling email or SMS. Frustrating, right?

Passkeys are designed to eliminate all of that. They let you sign in with something you already have (your phone or laptop) and something you are (your face or fingerprint). No more remembering or typing passwords. No more phishing risks. Just a tap or a glance.

Here’s what is fueling the momentum for passkeys, what is still standing in the way, and how Strivacity recommends rolling them out.

Why Passkeys are taking off

Platforms are ready
Apple, Google, and Microsoft have rolled out support across operating systems, browsers, and devices. Safari, Chrome, Edge, and Firefox all support them too. The infrastructure is already built in.

Smartphones make adoption possible
With smartphone ownership over 80% in North America and nearly universal among younger demographics, most customers already have a passkey-ready device.

Adoption is accelerating

• More than 15 billion accounts are enabled for passkeys (FIDO Alliance)
  
• Google has logged 2.5 billion passkey authentications across 800 million accounts
  
• Amazon reports 175 million users with passkeys
  
• TikTok saw login times improve 17x after enabling them
  

Awareness is catching up too. In 2022, only 39% of consumers had heard of passkeys. By 2024, that number climbed to 62%.

Regulators are supportive
NIST, GDPR, HIPAA, NYDFS, and FFIEC all recognize passkeys as meeting requirements for secure authentication. That validation is pushing adoption in industries like banking and healthcare.

Challenges holding back passkey adoption

Momentum is strong, but adoption is not without roadblocks:

• Platform lock-in: Passkeys are tied to Apple, Google, or Microsoft ecosystems
  
• Inconsistent UX: Experiences differ across browsers and devices
  
• Device loss: Recovery is still a challenge if a device is lost or replaced
  
• Hybrid environments: Many apps still rely on passwords or SMS codes
  
• Customer awareness: Education is needed to build trust and confidence
  

The ecosystem is maturing quickly, but gaps in consistency and usability remain.

How to roll out passkeys in your CIAM strategy 

Strivacity recommends a phased, customer-first approach to passwordless authentication:

1. Educate customers
   Show them what passkeys are, why they matter, and how they keep accounts safe. Introduce them during moments like sign-up or password resets. Here’s what a passkey promotion looks like:

2. Offer choice
   Not everyone is ready to leave passwords behind. Keep passwords plus MFA available. Strivacity makes it easy to support both side by side.

3. Plan recovery carefully
   Do not rely only on vendor recovery flows. Use fallback options that are secure. For higher-risk accounts, add identity verification to recovery flows.
   
   
4. Roll out in steps
   Start optional, target early adopters, and test experiences before making passkeys the default.
   
   
5. Standardize across apps
   Define one enterprise-wide approach and roll it out across all apps. Consistency builds trust and prevents confusion.
   
   

The future of login

Passwords are frustrating for customers and risky for businesses. Passkeys replace them with login that is faster, safer, and easier.

The brands that win with passkeys will take a thoughtful approach. Educate customers. Offer choice. Plan recovery. Keep it consistent.

At Strivacity, we help organizations add passkeys into their sign-in flows without adding complexity for teams or friction for customers.

Ready to see how? Let’s talk.