Originally posted on Forbes.
You might not expect a business based on protecting and managing your passwords to celebrate their demise, but 1Password says this new technology is almost hacker-proof.
1Password has built a brand based on the secure creation, storage and use of passwords. So when the chief product officer tells you a new technology eliminates passwords and is nearly impossible for hackers to guess or intercept, you might want to pay attention. Not least, as that technology is already here and, unsurprisingly, is being adopted by sites, services and users in rapidly increasing numbers. That technology is the passkey.
Passkey Adoption By The Numbers
According to statistics exclusively released to Forbes Tuesday morning, 1Password has seen more than 700,000 passkeys created and saved by its users, doubling end-of-year expectations since the technology was added to the service in September. Currently, 334,000 1Password users are trying passkey technology, split 79% consumer and 21% business customers.
The most significant spikes in adoption come when another large platform announces support. Between October 16 and 22, when Amazon and WhatsApp announced support, the latter via a beta service for Android users, 1Password saw some 71,378 new passkeys created and saved.
On Tuesday, 1Password also revealed that there are more than 100 registered websites, apps or services in its passkeys directory. These include big names such as Adobe, Amazon, Apple, GitHub, Google, Microsoft, Nintendo, Nvidia, Okta, OnlyFans, PayPal, Robinhood, Roblox, Shop Pay, Shopify, Synology, TikTok, Uber, Virgin Media, WhatsApp (Android), Yahoo! and Zoho.
What Are Passkeys?
Launched initially as an initiative by Apple, Google and Microsoft, passkeys are consumerizing security standards such as FIDO and WebAuthn. You can try them out at Passkeys.io where a simple demo account shows how easy they are to use and create. Google says passkeys are “significantly faster than passwords” to use, with an average of 14.9 seconds to sign into Google compared with 30.4 seconds for passwords. Furthermore, Google says, “the percentage of users successfully authenticating through same device passkeys is 4x higher than the success rate typically achieved with passwords,” some 63.8% for passkeys and just 13.8% for passwords.
“Passkeys eliminate passwords. Without passwords, there’s nothing to steal, making social engineering attacks like phishing ineffective,” 1Password’s chief product officer, Steve Won, told Forbes. “Every passkey is made up of two keys—a unique public key, which is created and stored on that company’s server, and a private key, which is stored on the user’s device.” The public key is used to create a challenge that can only be solved by the private key. “Because of this,” Won continues, “passkeys are nearly impossible for hackers to guess or intercept because the keys are randomly generated and never shared during the sign-in process.”
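The sign-in flow described above, sketched in Node.js as an added example (not code from Forbes, 1Password or the WebAuthn specification). It is a simplified model: the site sends a random challenge, the device signs it together with the origin the browser is on, and the site verifies with the stored public key. The origins and the JSON layout are constructed for illustration.

```javascript
// Added illustration only: a simplified model of passkey sign-in, not real WebAuthn encoding.
const crypto = require("node:crypto");

// Registration: the key pair is generated on the user's device; the site keeps only the public key.
function createPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  return { device: { privateKey }, server: { publicKey } };
}

// Site: a fresh random challenge for every sign-in attempt.
const newChallenge = () => crypto.randomBytes(32).toString("base64url");

// Device: sign the challenge together with the origin the browser is actually on.
function signAssertion(device, challenge, browserOrigin) {
  const clientData = JSON.stringify({ challenge, origin: browserOrigin });
  const signature = crypto.sign("sha256", Buffer.from(clientData), device.privateKey);
  return { clientData, signature };
}

// Site: check the signature with the stored public key, then the challenge and the origin.
function verifyAssertion(server, expectedOrigin, expectedChallenge, assertion) {
  const data = Buffer.from(assertion.clientData);
  if (!crypto.verify("sha256", data, server.publicKey, assertion.signature)) return "bad-signature";
  const { challenge, origin } = JSON.parse(assertion.clientData);
  if (challenge !== expectedChallenge) return "stale-challenge";
  if (origin !== expectedOrigin) return "wrong-origin";
  return "ok";
}

// Constructed scenario: SITE and LOOKALIKE are made-up origins (assumptions of this example).
function demo() {
  const SITE = "https://shop.example", LOOKALIKE = "https://shop-login.example";
  const { device, server } = createPasskey();
  const c1 = newChallenge();
  const good = signAssertion(device, c1, SITE);          // normal sign-in
  const c2 = newChallenge();
  const viaLookalike = signAssertion(device, c2, LOOKALIKE); // signed while on the wrong site
  const rewritten = { ...viaLookalike, clientData: viaLookalike.clientData.replace(LOOKALIKE, SITE) };
  return {
    genuine: verifyAssertion(server, SITE, c1, good),
    replayed: verifyAssertion(server, SITE, c2, good),       // old assertion, new challenge
    relayed: verifyAssertion(server, SITE, c2, viaLookalike), // origin is covered by the signature
    rewritten: verifyAssertion(server, SITE, c2, rewritten),  // editing the origin breaks the signature
  };
}
console.log(demo());
```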
What Happens If You Lose The Device Associated With A Passkey?
So far, so good. But what happens if you lose the device associated with your passkey or it’s unavailable when needed? This is a genuine concern, as most people will likely use smartphones for this purpose. “If a user loses their device, they can recover their online account using another device on the same platform,” Won says, “for instance, Apple Keychain, Windows Hello, Google Chrome, 1Password.” If they don’t have another device, they can fall back to a recovery method from the online service, like a text code to re-authenticate, Won said.
Do Passkeys Sound The Death Knell For Password Managers?
Here’s the thing: this passwordless journey is only just beginning. It will take quite some time before every site, every service adopts passkeys and users follow along. “Password managers will be essential to bridge the security gap as steady adoption continues,” Won says. “For the 334k users who have already adopted passkeys, 1Password makes it easier for users to access them across platforms and ecosystems—providing access on iOS 17 and Android 14, as well as all major web browsers on Mac, Windows, and Linux.”
“Despite progress made in 2023 with updates from Google and others related to passkeys, the progression towards a passwordless future will remain slow in 2024,” Shiva Nathan, founder and CEO of features-as-a-service app platform Onymos, says. “The gradual progress in this journey can be attributed to user behavior patterns and a myriad of other factors, including the challenges that application and software providers will encounter while integrating new login measures.”
However, as Won concludes, “If 2023 was the year of hedging bets by making passkeys optional, 2024 will be the year that we see two or three major service providers go all-in on passkeys.”