Amazon is officially rolling out support for passkeys, and it's a big deal. Soon, over 300 million customers will be able to sign in to the world's most popular online store without any need to remember or type a password. This news represents a significant leap towards the passwordless future security experts have been dreaming of for at least a decade.
Many technologies have promised to kill passwords over the years but have failed to achieve widespread adoption. This time, things look different. Amazon is joining a growing list of leading tech companies that have rolled out passkey support over the last few months, including Adobe, Paypal, Kayak, Shopify, GitHub, TikTok, and Google. We expect other online retailers to follow Amazon in the near future.
Amazon has taken a slow and deliberate approach to rolling out passkey support. Initially, the functionality was only made available to a small subset of customers. But with their public announcement, all users now have the ability to create passkeys from the Login and Security page within user account settings. Take a look at this demo:
Currently, Amazon accounts must still have passwords even after passkeys are enabled. This makes it easier for Amazon to handle account recovery and devices that don't support passkeys (the most challenging aspect of building a seamless passwordless experience) but negates many of the security benefits passkeys offer. Hopefully, they will move more towards a passkey-first approach over time.
Passkeys don't just provide a better user experience, allowing customers to sign in 2x faster, they are phishing resistant and more secure than passwords. Instead of relying on people to create or remember credentials, passkeys utilize automatically generated keys stored securely on each device.
Users can authorize the use of their passkeys to sign in to specific apps and websites by scanning biometrics, just like they do to unlock their devices. Multi-factor authentication is built-in without any additional actions required from the user.
Forgotten passwords are estimated to result in 30% of online purchases being abandoned at checkout, which poses a problem for online retailers. Passkeys aren't just great for users. Reducing friction during the registration and checkout process by eliminating passwords can boost ecommerce conversion rates and reduce account reset support costs.
It will take time for Amazon and other services with established user bases to fully transition to passwordless authentication, but one thing is becoming increasingly clear: passkeys are the future. This is especially true in ecommerce given their value as a marketing tool for conversion optimization and as a cart abandonment solution. The industry is ripe for change.
With major players like Amazon rolling out support for passkeys, consumer adoption of the technology will continue to grow over the coming months. Once people experience the improved user experience and understand that it is also more secure than typical passwords, they will expect this functionality from the other websites they frequent.
Initially, the most tech-savvy users will adopt passkeys and will then share the technology with their friends and families. It could take a few years for the long tail of less technical users to fully embrace the idea of giving up passwords, but with breaches and cyber-attacks constantly in the news and new threats posed by AI, the migration will pick up speed.
Now is the time for other ecommerce stores to follow Amazon and help deliver a better and safer shopping experience for everyone. Those that do so will stay ahead of the curve and work with a significant advantage.
Passkeys are made possible by open standards such as FIDO2 and WebAuthn that developers can use to implement passkey logins from scratch, but there are significant challenges with an in-house approach. Seamless authentication requires backend infrastructure for securely storing user identity data and polished UI elements. There are also significant implementation differences across Android, iOS, and various web platforms, plus recovery flows and fallbacks can be difficult to finesse.
That's why Passage has teamed up with 1Password to offer a robust passwordless auth flow you can drop into your projects with just two lines of code. We handle everything from identity management and logs to account recovery and fallbacks via magic links or OTP, so you can focus on building your core product while offering a cutting-edge passwordless authentication experience.
You can embed Passage directly in your app or website using a web component, or redirect users to an OIDC-compliant hosted login page that integrates with most major Identity Providers (IdPs). We also have a set of backend libraries that you can use to authenticate requests and manage users on your servers. With Passage, your users don't think about passwords, and you don't think about authentication.
The passwordless future is finally here, and Amazon is leading the way. Passkeys solve the technical and UX problems that have prevented previous solutions from reaching widespread adoption, and with the major platforms implementing support it is just a matter of time before consumers demand a better login experience from every app and website they visit.
Now is a prime opportunity for forward-thinking ecommerce shops to help lead the industry forward. Not only can implementing passkeys lead to more conversions and higher profits, but this is perhaps one of the few investments that can give users a better AND more secure experience in one move. With Passage, rolling out passkeys doesn't have to be a pain. If you'd like to discuss strategies for getting started, we'd love to hear from you.