When it comes to ecommerce, passwords are simply bad for business. Online shoppers are notoriously fickle, and when they can’t remember their logins many people give up. MasterCard estimates that over 30% of online purchases are abandoned at checkout because of password-related issues. Even when everything works, passwords slow things down and leave 70% of customers feeling frustrated.
But account security is important too, which is why we’ve tolerated such a poor experience for so long. Unfortunately, passwords fail to actually protect customers. Humans are bad at generating and remembering secure passwords and often fall prey to attacks like phishing, with over 320,000 victims in 2021 alone.
What if there was a way your online shop could eliminate passwords and improve customer experience and security in one move? Now you can with passkeys. (Spoiler alert: Passage makes rolling out passkeys for ecommerce incredibly easy).
Passkeys are a direct replacement for passwords. But instead of relying on people to create or remember unique credentials for their accounts, passkeys use automatically generated cryptographic keys that are securely stored on each device. Users can quickly authorize the use of their passkeys by scanning their fingerprints or other biometrics, and the security of multi-factor authentication is built-in.
Because passkeys are tied to the specific sites they are created for, and because they don’t rely on information from the user, they eliminate the threat of phishing and other common attacks. On average, they are also 2x faster to use than passwords and 4x more likely to lead to a successful login.
For ecommerce sites, this translates directly into a better user experience and improved security. When done right, passkey implementations can quickly:
Passkey logins are made possible by open standards that are publicly available for developers to use. eBay and other ecommerce platforms have taken advantage of these standards to build custom implementations. However, there are significant technological challenges with this approach. Many teams find it difficult to provide a seamless experience across all devices, browsers, and systems, and poor implementations can negatively impact metrics.
That’s where Passage comes in. Our passwordless authentication service enables ecommerce shops to roll out best-in-class passkey implementations with just a few lines of code. Passage handles all the complexity of managing edge cases, account recovery, and infrastructure, so you can get up and running in minutes and focus on growing your store. (Our guides for WordPress, WooCommerce, and Shopify make things even easier, but Passage works seamlessly with many other ecommerce platforms as well).
There are two routes you can take to roll out passkey logins to your customers:
The best path depends on how many accounts you already have and how comfortable your users will be with a new way of signing in.
Here are some examples of ecommerce sites that have already implemented support for passkeys in different ways:
Home Depot may not be the first brand to come to mind when you think of online retailers, but they have a passkey implementation worth looking at. Users must register an account with a password first, but then on subsequent visits, they are prompted to set up a passwordless login. This approach can be effective for transitioning users to passwordless logins over time. Here’s a video walkthrough of the current flow:
It might be a stretch to call Kayak an ecommerce site, but their login flow is also worth checking out. Unlike Home Depot, they offer a fully passwordless experience from account registration through subsequent logins. Kayak is a passkey-first solution that reverts to email magic links if a device does not support passkeys. Take a look:
Once you have an account on bestbuy.com with a username and password, you can go into your account settings and add a passkey. This is the most subtle passkey example we’re including here, but for any shops looking to take a very conservative approach to rolling out new signin methods, this is worth considering. Keep in mind that this limits the security benefits of passkeys because there are still passwords in the account. Take a look:
With Google, Apple, Microsoft, and dozens of other major tech platforms leading the move to passkeys, it is just a matter of time before users expect the improved security and experience of passwordless authentication.
But as of right now, most ecommerce shops have not yet implemented support for passkeys, which means there is an opportunity for your shop to take the lead and stand out in the industry. Not only can you vastly improve the checkout experience for your customers, but you can also directly impact the metrics you care about most.
With Passage, rolling out passkey logins for ecommerce is simple and can be done in a way that fits the needs of your particular customers. If you’d like to chat more about your shop, give us a shout.