There appears to be growing momentum behind the use of passkeys as an alternative identity verification tool to passwords, with the familiarity with the technology growing over the past two years while the use of passwords as declined a bit, according to the Fast IDentity Online (FIDO) Alliance.

In its latest Online Authentication Barometer, FIDO found that support for a number of authentication options – including not just passkeys but also biometrics – is growing.

Public awareness of passkeys has jumped from 39% in 2022, when the technology was first introduced, to 57% this year. Meanwhile, the use of passwords in various services sectors is dropping. For example, the percentage of people who used a password over a two-month period for financial services dropped from 51% two years ago to 31% this year.

There were similar numbers for other accounts, including work accounts (52% to 36%), social media (37% to 30%), media and streaming services (30% to 24%), and smart home devices (22% to 17%).

Also, biometrics – such as fingerprint and face scans – was the authentication technology considered most secure, with 29% of the 10,000 consumers from around the world who were surveyed pointing to it. In addition, 28% said biometrics was the most preferred technology for signing into accounts.

“Consumer expectations are changing, and this data should serve as a clear call to action for brands and organizations still relying on outdated password systems,” FIDO Alliance CEO Andrew Shikiar said in a statement. “Consumers are actively seeking out and prefer passwordless alternatives when available, and brands that fail to adapt are losing patience, money, and loyalty, especially among younger generations.”

Businesses are Signing On

As they learn about passkeys, consumers are more likely to use them, and organizations are taking notice. According to FIDO, 20% of the world’s top 100 websites and services – including Amazon, Microsoft, Google, Uber, and Meta-owned WhatsApp – and Shikiar said he expects the deployment and use of passkeys will only accelerate over the next 12 months.

Passkeys use public key cryptography to generate a unique key pair for each account. When a user creates a passkey with a site or application, a public–private key pair is generated on the user’s device. Only the public key is stored by the site, but a hacker can’t get the user’s private key from the data stored on the server, which is needed to complete authentication, according to Google.

At FIDO’s Authenticate show last month, Microsoft introduced features the company is working on to make passkeys easier to use, including a plug-in model for third-party passkey providers, an improved user experience, and a Microsoft-synced passkey provider.

Passwords are a Weakness

Those companies and others have been pushing for several years for more secure online authentication technologies than passwords, which can be relatively easily brute-forced by bad actors or otherwise compromise. A key problem is that people can have 100 or more accounts, which makes creating and remembering unique passwords for each one essentially impossible.

Given that, users often will use simple passwords that are easier to remember, repeat the same passwords for multiple accounts, or store their passwords where they can be easily found. Compromised passwords continue to be a significant threat as more business is done online.

In its 2024 State of Passwordless Identity Report, security solutions company Hypr outlined the threat environment. The vendor found that 78% of organizations surveyed were targeted by identity-based cyberattacks and 63% were breached via authentication processes. In addition, 89% said passwordless multi-factor authentication (MFA) offers the highest level of security and 41% said they will adopt within the next three years.

Those numbers support what FIDO’s survey found, with 53% of respondents seeing increases in the number of suspicious messages and scams online. Also, 53% said they saw more scams and AI threats in text messages, as well as email (49%), phone and voice messages and social media (39% each), and instant messaging apps (33%).

Passwords Won’t Disappear Soon

While the demand for and innovation around passwordless technologies are growing, many don’t expect passwords to go away any time soon. In a column last year, the National Cybersecurity Alliance noted that “many people are dreaming of a more secure future, a future where we’ve transcended the need for passwords” and wrote about biometrics and passkeys.

Still, the organization wrote that “while we don’t think passwords are going away anytime soon (which is why you should always use strong ones), it seems passwordless authentication will be headed to your devices as an option very soon, if it isn’t there already.”

However, that innovation will take time and the effort of many to ensure passwordless options are strong.

“Hackers sure aren’t going to take a break in trying to figure out how to crack it,” the group said. “This is another reason why identity management, meaning managing who has access to online systems, is a critical topic for all digital citizens.”