A new report on passkey adoption finds a prime mover behind recent consumer adoption of that passwordless authentication standard: Amazon. The e-commerce giant saw an 88.9% spike in passkey authentication over the last three months among users of Dashlane, the password-manager service reported Tuesday. That put Amazon, which began rolling out passkey support in October, comfortably ahead of Target’s 70.5% jump in that time and the 60.4% increase of the third fastest-growing site, bookkeeping service Moneybird.Four of the other top 10 occupants of Dashlane’s list of the 20 fastest-growing passkey sites involve e-commerce of one sort or another: eBay, 43.3% growth; Adobe, 42.4%; Coinbase, 39.3%; and Stripe, 32.2%. Dashlane’s report suggests that the high profile of cryptocurrency sites in that list (in addition to Coinbase, Binance had 25.3% growth) reflects an awareness of the risks of cryptocurrency hacking attempts that exploit such common password mistakes as password reuse and falling prey to phishing scams: “These sites are often heavily targeted by attackers looking to gain access to wallets with stored crypto, which makes passkey adoption for these sites all the more important.”The Microsoft-owned GitHub software-development network came in seventh place with 36.1% increase in passkey use, followed by Roblox with 33.5%. The ID.me identity-verification service rounded out the top 10 with 32.1% growth.You have to look to the bottom half of Dashlane’s top 20 list to see two of the three big-name tech firms that launched a collective push for passkeys in May of 2022: Apple saw 29.9% growth and Google was just behind it at 28.6%, while Microsoft did not make this list at all. That, Dashlane suggested, reflects the unusual role those companies play as both operators of services that support passkey authentication and developers of the operating systems that their customers use to log into those services.“Google and Apple users are less likely to experience passkey authentication through Dashlane or other third-party credential manager as both have an integrated passkey experience with their own authenticators,” said Rew Islam, Dashlane’s director of product engineering and innovation. “Apple and Google serve as both the relying party (the entity that relies upon the user’s credentials to grant access) and the authenticator, and so are able to automatically create credentials for their users.”Only two social platforms show up on Dashlane’s list. X, which only supports passkey authentication in its iOS app, experienced a 28.6% growth in passkey authentication. And Facebook occupied the 20th-place spot on the list with a 23.5% increase, despite being absent from Dashlane’s directory of passkey sites, on account of that social network not yet supporting passkey authentication. After looking at an advance copy of Dashlane’s report and asking a PR rep about how Facebook could show up on it, Dashlane added a note to this report explaining that Facebook now uses passkeys as a backup form of authentication. I checked in my own Facebook account, and that seems to be the case: Registering a Google Titan USB security key as a backup authentication factor led to Facebook creating a passkey that 1Password then offered to save for me.
Recommended by Our Editors
Dashlane’s report says these statistics come from “an analysis of Dashlane data made up of hundreds of thousands of anonymized web and mobile passkey authentications.” That company offers a limited free tier and sells single-user service for $59.88 a year and a friends-and-family plan supporting up to 10 accounts for $79.88 a year. It began adding passkey support in August of 2022, earlier than other password managers.Dashlane’s report adds that the company has seen more than a 400% increase in passkey authentications to 200,000 a month. It doesn’t indicate how that compares to overall sign-ins via its apps but does boast that “one in five active Dashlane users now has at least one passkey stored in their credential vault.”Adoption of passkey authentication–in which you confirm a login at a site through an encrypted exchange of digital keys that you initiate through your device’s unlocking mechanism, usually via biometric security–continues to look uneven overall. Some companies have aggressively rolled out passkey support–Google, for example, enabled them for all Gmail users in May of last year–others have limited it to particular platforms or have yet to add it at all. Support also remains uneven between industries: While Dashlane’s numbers speak to how well online retailers are adopting this standard, travel remains a trailing indicator.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
