Third of Online Users Hit by Account Hacks Due to Weak Passwords

More than a third (36%) of people have had at least one online account compromised due to weak or stolen passwords in the past year, according to new research by the FIDO Alliance.

The survey by the open industry association also found a growing awareness and takeup of passkeys – an alternative to traditional usernames and passwords for authenticating accounts.

Around half (48%) of the world’s top 100 websites have already integrated passkey support, FIDO reported.

Additionally, 75% of respondents said they are now aware of passkey technology, while 69% have enabled passkeys on one or more accounts.

Over a third (38%) have enabled passkeys on all accounts they can.

The report also found that of those individuals who are aware of passkey technology, 53% believe they offer better security and 54% greater convenience than traditional passwords.

Around half (48%) of all respondents also admitted they had abandoned an online purchase simply because they forgot their password.

Phishing Resistant Alternative to Passwords

Passkeys are cryptographic credentials tied to a user’s account on a website or application, with sign-in enabled by a biometric sensor, such as fingerprint or facial recognition.

A private key is stored on the device and used to create cryptographic authentication signatures, and a public key is given to the server to store to verify the cryptographic authentication signatures.

Passkeys are much harder to phish than passwords as they work only on their registered websites and apps. Therefore, a user cannot be tricked into authenticating on a deceptive site because the browser or OS handles verification.

A number of high-profile technology firms have enabled passkeys as an authentication method for customers in recent years, including Google and X.

Read now: FIDO Alliance Proposes New Passkey Exchange Standard

Microsoft Introduces Passkeys for Consumer Accounts

On May 2, Microsoft announced it is making passkeys available for all its consumer accounts.

The tech giant said it was “painfully clear” that passwords are not sufficient for protecting our lives online, regardless of how long they are or how often they are changed.

Microsoft wrote: “Starting today, you can use a passkey to access your Microsoft account using your face, fingerprint, or device PIN on Windows, Google, and Apple platforms. Your passkey gives you quick and easy access to the Microsoft services you use every day, and it will do a much better job than your password of protecting your account from malicious attacks.”

FIDO Promotes Shift to World Passkey Day

The FIDO research was published on May 1, 2025, which marks the annual World Password Day awareness campaign.

However, FIDO has rebranded the campaign as World Passkey Day as part of its efforts to put an end to password use globally and encourage widespread adoption of more secure, modern authentication methods.

As part of its activities for the campaign, FIDO launched the Passkey Pledge, a voluntary pledge for online service providers and authentication product and service vendors committed to embracing passkeys.

The pledge has received commitments from over 100 organizations so far.

Andrew Shikiar, Executive Director and CEO of the FIDO Alliance, commented: “The establishment and growth of World Passkey Day reflects the fact that organizations of all shapes and sizes are taking action upon the imperative to move away from relying on passwords and other legacy authentication methods that have led to decades of data breaches, account takeovers and user frustration, which imperil the very foundations of our connected society.”

The FIDO Alliance research surveyed 1389 adults ages 18 and up based in the US, UK, China, South Korea and Japan.