Articles March 28, 2023

The Password-less Future is Closer Than You Think

Author: CapTech

Say Hello to Passkeys

How many times a day do you, your employees, and your customers log in to the websites and mobile apps you rely on? For those of us working in technology or tech-adjacent industries, it’s several dozen times a day, especially when you include lower-friction methods like passwords saved by your browser or biometric authentication. Even for the average user, daily reliance on apps means that we are likely passing insecure authentication credentials far too often.

A 2022 NordPass study found that the average person today has 100 passwords. Having to regularly come up with new passwords, or more likely, using or riffing off existing passwords, is both a headache and an opportunity for a bad actor trying to access that person’s data. Even with the prevalence of password managers, multifactor authentication (MFA), and other authentication measures, customer data and organization security are still highly vulnerable to phishing attacks and data breaches that often expose large sets of customer usernames and passwords.

Imagine a future in which logging in to all of your accounts is as simple as using biometric authentication to unlock your phone. Enter passkeys. Passkeys are a password-less alternative for authentication, based on a common standard developed by the FIDO Alliance and the World Wide Web Consortium (W3C) and supported by major tech companies such as Apple, Google, and Microsoft.

At a technical level, a passkey is a cryptographic entity that’s not readable by you, and it’s used in place of a password. A passkey consists of a key pair; one key is public, registered with the website or app you’re using, and the other key is private, held only by your device. There is nothing about a passkey that you must create, guard, or remember. Passkeys offer the rare one-two punch of both a better user experience and enhanced security. 
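The key-pair arrangement described above, as an added example (not code from CapTech or from the FIDO/W3C specifications): registration hands the site a public key, and each login is a signature over a fresh server challenge plus the origin the browser is on. It assumes Node.js, an in-memory server store, constructed `*.example` origins, and a JSON client-data message holding only the challenge and origin; all function names are illustrative.

```javascript
const crypto = require('node:crypto');

// Website (relying party) state: only public keys are ever stored server-side.
const registered = new Map(); // username -> public key (PEM)

// Device side: the private key is created on, and stays on, the device.
function createPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { privateKey, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// Registration: the site receives the public half only.
function register(username, passkey) { registered.set(username, passkey.publicKeyPem); }

// Server issues a fresh random challenge for every login attempt.
function newChallenge() { return crypto.randomBytes(32).toString('base64url'); }

// Device signs the challenge together with the origin the browser is actually on.
function signAssertion(passkey, challenge, browserOrigin) {
  const clientData = JSON.stringify({ challenge, origin: browserOrigin });
  return { clientData, signature: crypto.sign('sha256', Buffer.from(clientData), passkey.privateKey) };
}

// Server accepts only its own current challenge, its own origin, and a valid signature.
function verifyAssertion(username, expectedChallenge, expectedOrigin, assertion) {
  const publicKeyPem = registered.get(username);
  if (!publicKeyPem) return false;
  const { challenge, origin } = JSON.parse(assertion.clientData);
  if (challenge !== expectedChallenge || origin !== expectedOrigin) return false;
  return crypto.verify('sha256', Buffer.from(assertion.clientData), publicKeyPem, assertion.signature);
}

// Constructed scenario: one legitimate login and two attempts the server must reject.
function demo() {
  const site = 'https://shop.example';            // constructed origin
  const lookalike = 'https://shop-login.example'; // constructed lookalike origin
  const passkey = createPasskey();
  register('alice', passkey);

  const c1 = newChallenge();
  const good = signAssertion(passkey, c1, site);
  const c2 = newChallenge();
  return {
    legit: verifyAssertion('alice', c1, site, good),
    replayed: verifyAssertion('alice', c2, site, good), // captured assertion, new challenge
    lookalike: verifyAssertion('alice', c2, site, signAssertion(passkey, c2, lookalike)),
    serverStores: registered.get('alice'),
  };
}
```

In a browser the same exchange runs through `navigator.credentials.create()` and `navigator.credentials.get()`, with the platform authenticator holding the private key.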

Rapid Adoption; Longer Transition

Like any major behavior change, the evolution toward a password-less future won’t happen overnight. However, with the expanded support of key players such as Apple, Google, Microsoft, and the W3C, this future is well within reach. This does not mean that this shift will be easy. Organizations need to be prepared to educate and guide their customers down the path of frictionless authentication.

Built-in passkeys are currently supported by iOS 16+, macOS Ventura+, Android 9+, ChromeOS, and most modern browsers, including Chrome, Edge, Safari, and Opera. Microsoft Windows is set to deliver full support this year, and most other platforms support sign-in with passkeys from a nearby device.

With platform and device support in place, we expect to see a rapid increase of websites and applications offering passkeys as an authentication option when creating an account or as an alternative to an existing username and password. Passkey adoption not only increases security by implementing a solution that is not prone to common issues such as password reuse and phishing, but also enables a better user experience by reducing the friction around authentication and completely removing the need for common MFA flows.

Passkey User Flows

The first flow shown below is one with which every user and organization with a presence online is familiar and has come to accept as a requirement to keep data safe. Organizations have pushed features such as Two Factor Authentication (2FA) and MFA onto users in the name of enhanced security; however, these flows add friction to the user experience and can hurt conversion rates and increase user frustration.

[Figure: Legacy Username and Password Authentication]

In comparison, as shown in the second flow, the login process with passkeys is much more streamlined, removing the need to type, remember, or store passwords. Furthermore, common 2FA and MFA flows are no longer necessary due to the heightened security that passkeys enable.

[Figure: Password-less Authentication with a Passkey]

[Figure: Password-less Authentication using a Passkey from a Nearby Device]


A Password-less Future

We anticipate that the adoption of passkeys will start to gain major momentum this year and next, with most logins being password-less in the next three to five years.

Are you ready to advance your customers on the journey to a password-less future?

• Do you currently require your customers to enter a password with minimum security requirements?
• Do your customers often call in to report password issues or to request account recovery?
• Do your current user flows require MFA or risk checks when using your product or specific features within your product?
• Has your organization or its customers been the victim of a data breach that exposed user passwords?

As part of our commitment to helping clients transition to passkeys, we will be publishing additional information on the technical and brand experience implications of passkey implementation. Be sure to check out our new podcast, and stay tuned for parts 2 and 3 of this blog series on the password-less future coming soon.

Clinton Teegarden

Director

Clinton is an Architect and the Mobile & Devices Practice Lead at CapTech Consulting. He has been involved with multiple high-complexity engagements, where he has led teams of varying technologies on- and off-shore in multiple Agile environments. Clinton is highly active in the developer community, delivering blogs, talks, and open source contributions.

Mary Deering

Manager

Mary is a project manager with 11 years of strategic communications and project management experience. Her experience includes strategic planning and project management to advance corporate priorities, requirements and business process analysis, and change management.

Mark Badger

Fellow, Customer Experience

Mark is a seasoned experience design leader with over 20 years' experience in interaction and conceptual design, product/brand strategy, user research, and information architecture. He is fascinated by what drives people’s connections with brands and is dedicated to fostering value-infused interactions between them.