Passkeys are more popular than ever. This research explains why

Have you started adopting passkeys for more of your online accounts? If so, you’re far from alone. According to a new survey from the FIDO Alliance, passkey awareness and adoption have grown since being introduced two years ago.

For its fourth annual Online Authentication Barometer, the FIDO Alliance commissioned Sapio Research to run an online survey in August to elicit feedback about passkeys, passwords, and online security. The survey reached 10,000 consumers across the US, UK, France, Germany, Australia, Singapore, Japan, South Korea, India, and China.

Also: Passkeys take yet another big step towards killing off passwords

More than half (57%) of those polled said they’re aware of passkeys, up from the 39% who reported awareness of them in 2022. Only 16% of respondents said they’re unaware of passkeys, down from 28% two years ago. Among those who know what passkeys are, 62% said they use them to secure their website and app accounts.

At the same time, password use has been dropping. The average percentage of respondents who manually entered a password over the last two months fell to 28% this year from 38% in 2022. The need to manually enter a password is down across various sites and apps, including financial services, work accounts, social media accounts, media and streaming services, and smart home assistants.

Also: 7 essential password rules to follow in 2024, according to security experts

“Individuals are becoming more aware of passkeys and prioritizing their personal cybersecurity by increasingly implementing passkeys into their digital routines,” Darren Guccione, CEO, and co-founder at Keeper Security told ZDNET. 

“Passkeys work by using public key cryptography, where each passkey consists of a private key stored locally on the device you used to create the passkey, as well as a public key that is stored with the company you created your account with. This means that even if there is a breach, cybercriminals can only access the public key, which is essentially useless without the private key.”

Security is one of the main reasons people are gravitating toward passkeys and away from passwords. Passkeys typically rely on some form of biometric authentication, which is considered safer and less hackable than passwords.

Also: The best password manager for iPhone in 2024: Expert tested

Asked which methods of authentication they consider the most secure, 29% of those polled named biometrics. Just 15% cited a complex password that only they will remember, while 14% pointed to a one-time passcode sent to their mobile device.

Methods considered less secure include a browser’s auto form-fill to enter a password, an authentication application, a password manager, a physical security key, and a QR Code. Respondents also cited these methods in the same order as their preferred way of logging into their accounts.

“Passwords along with multi-factor authentication (MFA) set the bar higher in terms of making life difficult for the attacker but are not perfect,” Jason Soroko, senior fellow at Sectigo, told ZDNET. 

“Passkeys help to get rid of the shared secrets we utilize for authentication and move us closer to a world where our authentication is based on asymmetric secrets [private keys used to encrypt and decrypt data]. The nature of asymmetric secrets is that they are harder to harvest, whether through social engineering or the means of a compromised endpoint.”

Also: Why you should power off your phone at least once a week – according to the NSA

Based on the survey, online scams and threats are more of a concern for consumers. More than half (53%) of those polled said they’ve seen an increase in suspicious messages and online scams this year. 

Some areas cited as more risky include SMS messages, email, phone and voice messages, social media, instant messaging, Facebook Messenger, fake ads, and fake articles. In addition, more than half said they’ve witnessed greater sophistication concerning suspicious messages.

“When consumers know about passkeys, they use them,” said FIDO Alliance CEO Andrew Shikiar in a press release. 

Also: ExpressVPN rolls out three new ID theft tools to help you before, during, and after an incident

“Excitingly, 20% of the world’s top 100 websites and services already support passkeys. As the industry accelerates its efforts toward education and making deployment as simple as possible, we urge more brands to work with us to make passkeys available for consumers. The pace of passkey deployment and usage is set to accelerate even more in the next 12 months, and we are eager to help brands and consumers alike make the shift.”