Google Launched Passkeys, what does it mean for other businesses

Google has launched Passkeys, and this announcement has significant implications for other businesses. On 3rd May 2023, Google stated that it was extending support for passkeys across all Google accounts on all major platforms. Users can now experience a passwordless sign-in process on apps and websites with fingerprinting, facial recognition or a local pin, without the need to enter a password or complete 2-step verification (2SV).

As a company, we were expecting this sooner, as all three big Tech Giants- Google, Apple, and Microsoft- had announced their support for Passkeys exactly one year prior.

As a Fido Alliance member, we have been closely monitoring this area and have observed companies such as Paypal, Shopify, Kayak, Robinhood and Nvidia implementing Passkey for their user base.

Passkeys are undeniably a better alternative to passwords since they provide an easy, fast, and secure way of authentication. Given the frequency of data breaches in recent times, Passkeys offer a phishing-resistant solution. Adoption of Passkeys provides organizations with several benefits:

1. A reduction in customer support of up to 20% since the majority of customer complaints related to login issues such as account compromise, password reset issues, or implementing MFA.
2. Passkeys are tied to devices, allowing for effective enterprise security, enabling access control through legitimate and registered devices. From a user perspective, Passkey is the simplest authentication method, utilizing only a user's biometric data.
3. Passkey-based authentication simplifies sign-up and login processes, resulting in increased user signup conversion and fewer abandoned carts due to authentication issues.
4. As private keys of passkeys are never stored on servers, mass password breaches will become history, resulting in significant savings for companies in cybersecurity expenses and legal costs.

As an IoT authentication company, we began exploring Passkey last September, attempting to introduce Passkey-based login for our developer portal. However, we realized that Passkey implementation comes with its set of challenges. Based on our own efforts and seeing other companies' implementation of Passkeys, we know that adopting Passkeys requires a considerable amount of development time, effort, and significant changes in database management.

We identified the following major roadblocks:

1. Implementing Passkey for different OS and platforms requires accessing different code libraries meant for a specific OS and going through extensive tech documentation.
2. A minimum of three developers or tech resources are required to make a product Passkey-ready. At least one frontend, one backend, and one QA engineer must work for at least two months. Like any new technology, Passkey at this nascent stage throws bugs that need to be solved by its own, with very few resources or community support available.
3. All platform providers, such as Apple, Google, and Microsoft, have begun supporting Passkey from a minimum OS version. If a user's device is not updated to that version, Passkey-based authentication will not work as their device would not support it. Implementing a smooth user journey and fallback mechanisms in such situations requires additional effort and time.
4. The most significant change will be in your user database. For a user, depending on whether they use multiple devices, there can be multiple passkeys associated with the same account. Therefore, your existing database requires an overhaul and major upgrades. Transitioning to these kinds of databases is not easy. You must decide whether to migrate to a new user database structure or introduce a new database solely to store userID and Passkey public keys that work coherently with your existing database.

Despite these challenges, we were able to overcome them and adopt Passkeys for our clients' logins in roughly three months. We went one step further and created a portal where users could experience Passkey-based login and see its effectiveness. You can check out the demo at https://passkeylab.com.

With our Passkey implementation journey, we realized that Passkeys are a really powerful solution to our password menace. However, small companies or startups will face similar challenges to us when they go for implementing it.

And that’s the reason why, for the past 5 months, we have been working on building our product SoundAuth, which provides a low-code/no-code solution to integrate passkey-based login flow for your product. Our product premise is very simple. If we are saying Passkey is an easier, faster, and safer login method, then its implementation should also be easier and faster. And that’s the reason, through our product, we do all the heavy lifting to integrate Passkeys on your website and apps.

SoundAuth intelligently integrates UI/UX as per OS requirements, makes changes at your backend server to align with Passkey requirements, and handles automatic user database changes and management. With an end-to-end product, SoundAuth takes care of your entire user journey. For example, if a user’s device does not support Passkeys, we make these options available with proper messaging and CTA to update the OS version to enable Passkeys for them. If users do not update the OS version, then we provide a fallback login method suitable for their devices.

Our enterprise dashboard keeps you updated about Passkey roll-out within your user base and ways to nudge them to make the adoption for the entire user base.

This is really an interesting time for user authentication, and we are keen to support companies who are thinking of following Google and making their users Passkey-ready. With SoundAuth, we believe we have made the implementation process a lot easier for companies of all sizes.

#passkeys #google #fido #passwordless