Why Passkeys Matter

The world needs a better solution than passwords. Passkeys improve security while also being easier to use.


Published: March 12, 2024

24 billion. That’s how many passwords hackers exposed in a single year. That’s a staggering enough figure, and even more sobering when you realize that it gets bigger each year. The fact is that passwords are the worst combination of user experience and security. The best ones are difficult to remember, changed often, and never reused. It’s no wonder that nearly 85 percent of people recycle passwords.

We need something better. Fortunately, passkeys are here as the answer. They’re the replacement for passwords. As unlikely as the combination may seem, passkeys enhance security while making the user experience better.

The Limitations of Passwords

If everyone followed best practices for passwords, we wouldn’t need to have this conversation. Using only capital and lowercase letters, there are over 218 trillion possible password combinations. When you add numbers and symbols, that number increases exponentially. Seems secure enough, right?

But people aren’t very good at creating passwords. Upwards of 13 percent of Americans use the same password for every account. Only 37 percent even bother using two-factor authentication. There are also those few that still write their passwords on sticky notes and put it on their monitor. These behaviors make for insecure logins that are vulnerable from their creation.

The best identity and login solutions make it easy for developers to require good password behaviors. They use rules, validated by the app itself. These rules force specific combinations of uppercase, lowercase, numbers, letters, and symbols. Unfortunately, the more secure password rules are, the more likely it becomes that people will recycle them, forget them, or generally find them unappealing.

The Rise of Passkeys

Passkeys evolved out of the ideas behind public-key cryptography. This technology, first discussed in the 1970s, uses two keys. The public key is shared out in the open. The private key remains secure and confidential. The user can only gain access when both keys are present.

Fast forward to 2022 and big names in technology (Microsoft, Google, and Apple) joined up to unveil their support for passkeys on World Password Day. Now the challenge is getting the rest of the world to follow suit.

Passkeys in Action

If you’ve used Windows Hello or Apple’s FaceID, you’ve probably used passkeys. That PIN, fingerprint, or facial scan proves your identity. Once that’s done, you’re then given access to the public and private key pair to unlock the app in question.

Let’s get specific. Say that you are signing up for access to a website. Typically, you would input a username and password combination that you’d have to remember. With passkeys, that same website says “this person is logged in to a secure device, and we can trust that they are who they say they are.” Instead of using a username and password combination, you scan your fingerprint, face, or use a PIN to gain access to the site moving forward.

Further Reading

This blog post is only scratching the surface when it comes to passkeys. We spent some time putting together a white paper that details how passkeys can revolutionize security. We’d love to share it with you.

Download our free white paper: Why Passkeys Improve User Security.

The best time to implement passkeys was yesterday. The next best time is right now. Let’s work together to build a more secure, easier-to-access, and better online world.

More on authentication

Subscribe to The FusionAuth Newsletter

A newsletter for developers covering techniques, technical guides, and the latest product innovations coming from FusionAuth.

Just dev stuff. No junk.