By Colin Eastman | August 19, 2024

6 Reasons Why Brands are Slow to Adopt Passkeys — and Why They Should Push Ahead Anyway

Passkey technology and biometric authentication are exciting innovations, but as with any new technology, there are misconceptions and concerns about their adoption. We’re here to dispel them.

Tech giants, including Apple, Google, and Microsoft, are helping to drive the “passkey revolution.” Leading consumer brands like Nestle, Bayer, Carnival, DeLonghi, and many others are working with us to reboot their approach to authentication.

They’re joining the revolution because of the well-established benefits — that passkeys and biometric authentication, when done right, are a better user experience and more secure than password-based authentication. 

However, we’re still in the somewhat early days of adoption, especially in industries that typically lag when adopting new technology. 

In this post, we'll explore six common reasons why some brands are slow to adopt passkeys and why, in reality, these reasons shouldn't stop them from moving forward. 

1. ‘Passkey technology is difficult to build’


It’s true. Building your own solution is more complicated than it seems, as we covered in a recent blog post about choosing between building vs. buying a passkey-based authentication solution.

A recent conversation with a digital executive highlighted this complexity. A team of seasoned developers at a major social media company had created a passkey proof-of-concept, but the executive estimated that developing a full-fledged solution would still require 18 more months.

To develop a complete solution, developers and designers must fully address and test several variables:

  • The increasing number of connected devices — like phones, tablets, and wearables — that people use to access websites and apps.
  • The need to integrate an authentication framework among various legacy software components and applications.


Building something from scratch can be a “headache” for developers, product leaders, and users, as our co-founder and CEO Dor Shany wrote. And that’s exactly why “we built a tool that makes implementing passkeys — and leveraging biometric authentication tech — reasonably simple.” 


So, while it may be difficult to build your own solution, licensing technology reduces that up-front friction and rapidly accelerates your time to market. 

2. ‘Our customers aren’t ready for passkeys’


We recently talked with one digital experience leader at a major cruise line who was concerned about whether their customer base — including many older retirees — would struggle with using passkeys. 

Of course, any new tech has a learning curve. But the beauty of passkeys — and biometric authentication — is that the experience is the same as unlocking your phone. And we know that people — across demographics — use facial recognition and their fingerprints to use their phones dozens of times every day. 

Further, one of the biggest pain points across all demographics of digital users is password management. People who are less tech-savvy, in particular, are more likely to struggle with remembering or saving passwords. They are also more likely to re-use passwords across multiple sites, unknowingly creating a bigger security risk.

It’s entirely appropriate to be cautious when introducing customers to new tech that comes with a learning curve. But when implemented correctly, passkeys and biometric authentication promise to improve user experience and security for every demographic.

3. ‘Our users believe their biometric data is at risk’ 


There’s one blatant misconception that deters some users from enabling biometric authentication: they believe that when they sign in with facial recognition or a fingerprint, their biometric information is uploaded into a database, that their likeness or biological markings are passed into the digital ether, and that their identities could be stolen.

But that simply doesn’t happen. 

Biometric authentication takes place locally on a user's device. When you use a fingerprint or facial recognition, your device matches the scanned biometric data against a stored template on the device itself. This template is a mathematical representation of your biometric data, not the actual image or data. This representation doesn't leave the user's device. 

Even if someone gains access to the database of the app or website, they can't retrieve or misuse biometric data because it's never transmitted there.

Passkeys involve public-private key cryptography. When you authenticate with biometrics, your device uses the biometric template to unlock a private key stored on the device. This private key signs a cryptographic challenge from the app or website, which is then verified using the corresponding public key stored by the service. This process ensures secure authentication without transmitting sensitive biometric data.
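The flow described above, as an added example that is not part of the original post: a simplified challenge-response model using Node's built-in `crypto` module, not the full WebAuthn protocol. The `Device` and `Service` classes, the `biometricMatched` flag, and the user name are hypothetical stand-ins.

```javascript
// Added illustration: simplified passkey-style challenge-response (not full WebAuthn).
const nodeCrypto = require("node:crypto");

// Device side: the private key never leaves this object.
class Device {
  constructor() {
    const pair = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    this.privateKey = pair.privateKey;
    this.publicKey = pair.publicKey.export({ type: "spki", format: "pem" });
  }
  // biometricMatched stands in for the on-device template comparison;
  // only its yes/no outcome gates use of the private key.
  sign(challenge, biometricMatched) {
    if (!biometricMatched) return null;
    return nodeCrypto.sign("sha256", challenge, this.privateKey);
  }
}

// Service side: stores a public key per user, nothing biometric.
class Service {
  constructor() { this.users = new Map(); this.pending = new Map(); }
  register(user, publicKeyPem) { this.users.set(user, publicKeyPem); }
  issueChallenge(user) {
    const challenge = nodeCrypto.randomBytes(32); // fresh for every sign-in
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    this.pending.delete(user); // each challenge is single-use
    const pem = this.users.get(user);
    if (!challenge || !pem || !signature) return false;
    return nodeCrypto.verify("sha256", challenge, pem, signature);
  }
}

function demo() {
  const device = new Device();
  const service = new Service();
  service.register("alice", device.publicKey);
  const sig = device.sign(service.issueChallenge("alice"), true);
  const ok = service.verify("alice", sig);
  service.issueChallenge("alice");
  const replay = service.verify("alice", sig); // old signature, new challenge
  const noBiometric = service.verify("alice", device.sign(service.issueChallenge("alice"), false));
  const stored = [...service.users.values()].join("");
  return { ok, replay, noBiometric, storesPrivateKey: stored.includes("PRIVATE KEY") };
}
```

Calling `demo()` shows a valid sign-in succeeding, a replayed signature and a failed local biometric match both being rejected, and the service's stored data containing only public keys.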

4. ‘Leaders in my industry aren’t adopting passkeys’


As with any emerging technology, some industries are ahead of others when it comes to adopting passkeys and biometric authentication. Some product leaders in less technically progressive industries might argue that there’s no need to adopt passkeys now because no one in their space has yet.

However, the passkey revolution is happening for users, too. And while monitoring your competition is always a good practice, users will rapidly come to expect passwordless experiences with all of their online accounts and services. They don’t care what’s happening in your industry. 

Of course, staying ahead of the competition is an even better practice. Especially when it comes to improving user experience. We expect that, because the passwordless experience is so much better than the old way of authenticating, consumers will actively choose to sign up for accounts with companies that support it. And they’ll turn away from brands that require passwords. 

5. ‘Other priorities will have a bigger impact’


Product development is all about making choices with finite resources. You choose to build or implement some new features or technology. And, importantly, you choose not to upgrade in other areas. 

Every situation is different. Some companies overlook the impact of their authentication stack – and sometimes undervalue the positive impact and ROI that passkey technology offers. 

When looking at how to prioritize budgets and resources, sometimes they skip over the potential of passkeys/biometric authentication. They chose to invest in personalization and related pieces of the martech stack,  including customer data platforms, CRM software, and marketing automation. They didn’t fully consider that those investments only matter if you make it easy for people to create accounts and sign into them. 

Put another way, their front door was only cracked open, severely limiting the number of users in their databases. And capping the effectiveness of all of their database marketing investment and efforts. By blowing open that front door — and reducing friction with biometric authentication — all of the other metrics will improve.  

Customers who implement our authentication technology have significantly boosted KPIs including account creation, conversions, and revenue — while reducing customer service costs because of the reduction of lost passwords. (See more in our post about the ROI of passkeys.) 

6. ‘Other passwordless options are just as good as passkeys’


Not all passwordless approaches to authentication are created equal. As we wrote in a recent blog post, some companies may opt to implement one-time passwords (OTPs) to achieve a passwordless experience — because they may be technically easier to integrate into an authentication stack.

However, OTPs introduce their own set of user experience issues. Users typically find it cumbersome to switch between a sign-in page and their email or messaging apps to retrieve and enter a code. This process creates a different kind of friction compared to traditional passwords and only marginally improves the overall experience.

For example, a recent conversation with a major apparel company revealed that after introducing OTPs as a quick fix, less than 0.5% of users adopted the feature within three months. Ultimately, the change failed to improve any of the key conversion metrics.

Security is another concern. While OTPs are more secure than passwords, they are not as robust as passkeys. A one-time code can still be intercepted or misused. In contrast, passkeys that leverage biometric authentication — such as fingerprints or facial recognition — offer a significantly higher level of security. It's much harder for someone to compromise your biometric data than it is to steal a code.

Still on the fence about when or how to adopt passkeys? 


If you want to learn more about how passkeys and biometric authentication can boost your business, reach out to us. Whether you want to strategize about when to commit to passkeys or understand the tradeoffs between building and licensing passkey technology, we’re always happy to talk. 



Colin Eastman is a seasoned professional with over 15 years of experience in software sales, specializing in Customer Identity for the last decade.  He has held leadership roles at the likes of Experian, Gigya and SAP and has partnered with many enterprise eCommerce companies and Fortune 500s on deploying their Customer Identity and Digital Commerce technology and strategy.