Earlier this week another tech giant - TikTok - proudly announced the addition of passkeys. At OwnID we track the expansion of this groundbreaking technology and the impact it brings to businesses.
In a nutshell, passkeys (it’s not a typo, passkeys is spelled with a lowercase p) is a mechanism that enables websites and native apps accessing the device unlock whether it’s iPhone’s Face ID, Macbook’s Touch ID, Android’s fingerprint or Windows Hello. Passkeys is the most up-to-date passwordless authentication method, supported by Apple, Google and Microsoft. It is frictionless since users unlock their devices dozens of times a day anyway, and it’s very secure since it is a two factor authentication method that includes something you have (the device) + something you are/know.
TikTok is following a trend. Just a few weeks ago, Google announced adding passkeys to the Google Accounts system. And so do many other leading websites that see growth in registrations and logins after adding passkeys. Most of them, including Carnival.com, Carrefour.be, Nescafe and Olympics.com implemented passkeys using OwnID’s holistic and out-of-the-box solution. However, some choose to implement passkeys on their own which ends up missing the point and with a minimal adoption rate.
Where does TikTok’s implementation of passkeys fall short?
In principle, there are two reasons for adding passkeys: improving UX and increasing security.
UX: The main problem with traditional registration and login is that users hate creating passwords and remembering them. Unfortunately, most of the straightforward implementations of passkeys, including TikTok’s, enable passkeys only for user’s that already have a password. Indeed, it’s nice to give an option for onboarding passkeys in order to return and not use the password again. However, most users that are already logged in don’t bother to onboard passkeys. They need it when they are not logged in... As a result, the TikTok’s type of implementation gets only 2-3% of users.
OwnID’s approach enables users to create an account with passkeys without the need to ever create or use a password. OwnID also enables users with existing accounts to move to passkeys authentication without entering their password or even being logged-in. Supporting such scenarios is what differentiates between passkeys as a technology, and a full product, that includes additional technologies, enabling a complete passwordless out-of-the-box solution. This approach ends up with 40-60% adoption.
Security: as long as passwords exist, even as a fallback auth, the risks involved with passwords, such as credential stuffing, exist. When users create an account without a password, their accounts are much more protected.
So passkeys is becoming the new way to authenticate, and we see this trend growing fast. TikTok added passkeys since they understand the importance of UX and security and we believe everyone else will eventually join the trend and hopefully implement it in a way that maximizes the impact on their business.
If you wish to learn more about passkeys and the difference between a DIY implementation and OwnID, please click here.