Introduction
Sign up for free here to start implementing Passkeys in your application.
In our previous articles, we’ve extensively discussed the security benefits of passkeys—from enhancing protection against account takeovers and phishing to simplifying compliance with regulatory frameworks like PSD2. However, the user experience (UX) aspect has received less attention, raising concerns for businesses considering widespread adoption.
This post synthesizes available data on passkeys deployment, focusing on conversion rates and deployment strategies, along with insights from large-scale implementations.
Who is using passkeys?
Global adoption data for passkeys is still emerging, but an analysis of the top 50 websites by traffic offers a glimpse into their uptake. According to Semrush’s December 2023 rankings, 19 of these websites now support passkeys, either as a primary authentication method or as a secondary option for multi-factor authentication (MFA).
| Site | Passkeys Primary | Passkeys MFA |
|---|---|---|
| Google Search | ✓ | ✓ |
| YouTube | ✓ | ✓ |
| ✓ | ✓ | |
| Pornhub | ✕ | ✕ |
| XVideos | ✕ | ✕ |
| X (Twitter) | ✓ | ✓ |
| Wikipedia | ✕ | ✕ |
| ✓ | ✓ | |
| ✕ | ✕ | |
| Amazon | ✓ | ✓ |
| DuckDuckGo | ✕ | ✕ |
| Yahoo | ✓ | ✓ |
| XNXX | ✕ | ✕ |
| TikTok | ✓ | ✓ |
| Bing | ✓ | ✓ |
| Yahoo JP | ✓ | ✓ |
| The Weather Channel | ✕ | ✕ |
| ✓ | ✓ | |
| Yandex | ✕ | ✕ |
| xHamster | ✕ | ✕ |
| OpenAI | ✕ | ✕ |
| Live | ✓ | ✓ |
| Microsoft | ✓ | ✓ |
| Microsoft Online | ✓ | ✓ |
| ✓ | ✓ | |
| Quora | ✕ | ✕ |
| Twitch | ✕ | ✕ |
| Naver | ✕ | ✕ |
| Netflix | ✕ | ✕ |
| Office | ✓ | ✓ |
| VK | ✕ | ✕ |
| Globo | ✕ | ✕ |
| Aliexpress | ✕ | ✕ |
| CNN | ✕ | ✕ |
| Zoom | ✕ | ✕ |
| IMDb | ✕ | ✕ |
| x.com (Twitter) | ✓ | ✓ |
| New York Times | ✕ | ✕ |
| OnlyFans | ✕ | ✕ |
| ESPN | ✕ | ✕ |
| Amazon.co.jp | ✓ | ✓ |
| ✕ | ✕ | |
| Universo Online | ✕ | ✕ |
| eBay | ✓ | ✓ |
| Marca | ✕ | ✕ |
| Canva | ✕ | ✕ |
| Spotify | ✕ | ✕ |
| BBC | ✕ | ✕ |
| PayPal | ✕ | ✕ |
| Apple Inc. | ✓ | ✓ |
Case studies
Yahoo Japan
Yahoo Japan, a major player with 55 million monthly active users, has seen about 11% of its user base adopt passkeys.
For the cohort of users using passkeys, Yahoo Japan observed the following:
- A statistically higher registration rate compared to every other authentication method. In particular the increase was 2.29% on iOS, 8.02% on Mac, 15.35% on Windows and 0.66% on Android
- 2.6x faster authentication time
- 25% decrease in customer support/authentication support requests
Mercari
Mercari, Inc. is a Japanese e-commerce company founded in 2013 with approximately 20m monthly active users. As of August 2023 approximately 900,000 users have registered passkeys credentials.
For the cohort of users using passkeys, Mercari observed the following:
- 82.5% success rate vs 67.7% for SMS OTP
- 4.4s vs 17s average time to login with passkeys compared to SMS OTP
Kayak
Implementing passkeys helped KAYAK, a leading travel search engine, cut the average login and registration time by 50%. Though specific customer support metrics are not disclosed, Kayak also saw a decrease in customer support/authentication support requests.
Dashlane
Dashlane is a password management tool that provides a secure way to manage user credentials, access control, and authentication across multiple systems and applications. Dashlane has over 18 million users and 20,000 businesses in 180 countries.
Dashlane, with its 18 million users, observed a remarkable 92% conversion rate for Passkey authentication—a 70% improvement over passwords.
UX considerations when implementing passkeys
Adopting passkeys offers significant security and usability benefits but requires thoughtful implementation:
- Supported devices: The UX of authentication and registration of a passkey is OS and browser dependent, and on some devices can be confusing, it is important to allowlist devices and browsers that have a good onboarding experience
- Fallback flow when a passkey is not available: Although some devices allow for syncable passkeys, this is definitely not the standard, so having a fallback authentication method for when a passkey is not available is key. However this poses both a security threat and potential friction for the user, so careful consideration needs to go into the flow
- Flow to add a new passkey: Similar to (2), a flow to add a new passkey is key. Passkeys are still fickle today, a change in browser profile results in a lost passkey; a complete wipe of cookies on Chrome also results in a loss of the passkeys. A flow to add multiple passkeys is a must
Conclusion
Passkeys represent a pivotal shift in digital authentication, offering a secure and user-friendly alternative to traditional passwords. For organizations considering passkeys, understanding both the technological landscape and user experience considerations is critical. If you’re ready to explore passkeys for your business, SlashID is here to assist. Don’t hesitate to reach out to us or sign up for free here!
