...

In another study, the FIDO Alliance found that passkeys are supported by 20% of the world’s top 100 websites and 12% of the top 250, with 13 billion accounts able (potential, not a fait accompli) to leverage passkeys for sign-in.
https://fidoalliance.org/content-ebook-consumer-password-and-passkey-trends-wpd-2024/

Convincing new selection from https://passkeys-directory.dashlane.com/ (for intro update):

...

Added support to WhatsApp: https://faq.whatsapp.com/1850567238795036/?helpref=uf_share

Maintained summary of WebAuthn support by various platforms and products: https://www.cisecurity.org/insights/blog/tracing-the-evolving-levels-of-support-for-webauthn

Implementation

Good hints on implementation and common misconceptions and problems: Corbado Blog - https://www.corbado.com/blog/passkey-implementation-pitfalls-misconceptions-unknowns

...

Case studies

For an e-commerce company, passkey implementation improved security and end-user experience. Although the previously implemented passwords with SMS OTPs were successful in combating phishing attacks, they were costly, not user-friendly and not entirely effective. Passkeys addressed these issues by improving security, reducing costs and enhancing user experience. As a result, 900,000 accounts registered passkeys, increasing the sign-in success rate from 67.7% to 82.5% and decreasing the sign-in time from 17 seconds to 4.4 seconds. [https://fidoalliance.org/mercaris-passkey-authentication-speeds-up-sign-in-3-9-times/]

A government department sought to enhance security and end-user experience for their digital identity solution for over 10 million users. They chose to implement passkeys to replace passwords and SMS OTPs, which were costly and vulnerable to phishing. Their goals were to streamline the login process, decrease the strain on the help desk and fortify security. Based on prior experiences, they required a standards-based solution with interoperability and vendor neutrality. They created a tailored user experience based on findings from usability studies. Within six months, more than 100,000 devices enrolled in passkeys and there was a significant reduction in help desk calls for password resets. Future targets include migrating all users to passkeys, implementing authentication for the workforce and incorporating FIDO authentication into the state’s Zero Trust Identity strategy. [https://fidoalliance.org/state-of-michigans-milogin-adopts-passkeys/]

New uses

Emerging use of passkeys for end-to-end encryption with the PRF WebAuthn extension (https://github.com/w3c/webauthn/wiki/Explainer:-PRF-extension, https://w3c.github.io/webauthn/#prf-extension), which is used to provide access to an encryption key from a passkey for a particular site; that key can then be used to reliably encrypt and decrypt data. One use of this is to provide the client with vault data (https://bitwarden.com/blog/log-into-bitwarden-with-a-passkey/).
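
The PRF flow described above, as an added example (not code from the original page or from any of the linked projects): the relying party requests a PRF evaluation during sign-in and turns the result into an AES-GCM key for vault data. The `PRF_SALT` label, the HKDF `info` string, the `example.org` RP ID and all function names are assumptions.

```javascript
// WebCrypto: global in browsers and Node.js 19+; older Node exposes it via node:crypto.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const utf8 = (s) => new TextEncoder().encode(s);

// Fixed, non-secret PRF input for this use (constructed label, an assumption).
const PRF_SALT = utf8("example-vault-key-v1");

// Options for navigator.credentials.get() asking the authenticator to
// evaluate the credential's PRF over PRF_SALT during the assertion.
function buildPrfRequest(challenge, rpId) {
  return { publicKey: { challenge, rpId, userVerification: "required",
    extensions: { prf: { eval: { first: PRF_SALT } } } } };
}

// Read the PRF output from the assertion; fail closed when it is absent
// (browser or authenticator without PRF support) instead of using a weaker key.
function prfOutputFrom(credential) {
  const first = credential.getClientExtensionResults().prf?.results?.first;
  if (!first) throw new Error("PRF output missing: passkey cannot unlock the vault");
  return first;
}

// Stretch the PRF output with HKDF into a non-extractable AES-256-GCM key.
async function deriveVaultKey(prfOutput) {
  const ikm = await wc.subtle.importKey("raw", prfOutput, "HKDF", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "HKDF", hash: "SHA-256", salt: new Uint8Array(32), info: utf8("vault-encryption") },
    ikm, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

async function encryptVault(key, plaintext) {
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh nonce per message
  const ct = await wc.subtle.encrypt({ name: "AES-GCM", iv }, key, utf8(plaintext));
  return { iv, ct: new Uint8Array(ct) };
}

async function decryptVault(key, { iv, ct }) {
  const pt = await wc.subtle.decrypt({ name: "AES-GCM", iv }, key, ct);
  return new TextDecoder().decode(pt);
}

// Browser usage (needs a registered passkey on a PRF-capable authenticator):
//   const cred = await navigator.credentials.get(buildPrfRequest(challenge, "example.org"));
//   const key = await deriveVaultKey(prfOutputFrom(cred));
```

The same passkey and salt always yield the same key, so nothing key-related has to be stored server-side; losing the passkey means losing access to data encrypted only under this key.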

...

The alliance is also offering independent testing and certification programmes that address key elements of passkeys, including functional certification of authenticators (at three levels with two increments) and biometric components [https://fidoalliance.org/certification/, https://fidoalliance.org/certification/fido-certified-products/]. Establishing an integral scheme for passkey authenticator and provider implementations would greatly benefit their adoption in more secure scenarios.


Enhancement on our Wiki

Provide links to the text at https://wiki.geant.org/display/GWP5/Passkey:

...