Passkeys have entered public consciousness as a way to replace password authentication with device biometrics or PINs, but the rollout appears to be uneven so far. Amazon’s passkey rollout has reportedly fallen short of expectations, while Thales and SoyYo expand their partnership to unveil passkeys and WhatsApp has begun its production rollout of passkeys.
Amazon’s passkey implementation criticized
Amazon has made a number of mistakes in rolling out passkeys, according to a Corbado article.
While Amazon’s passkey integrations can improve security, give less tech-savvy consumers exposure to the benefits of passkeys, and contribute to the widespread adoption of passkeys elsewhere, so far they’ve been implemented poorly, mitigating the convenience of biometric authentication.
If a user sets their country to a different location, they may be redirected to different domains and need to create separate passkeys for each country or top level domain. The feature also doesn’t have an autofill option and isn’t available on native apps.
Users are also prompted to go through a redundant one-time code verification process even after they have passkeys activated, which are by default 2FA. For devices or browsers where passkeys are not yet available, users are brought to a QR code (which Corbado says most consumers struggle with) instead of a message explaining that the passkey isn’t available.
“The roll out of passkeys should not be limited to just the Amazon website, there should be support for Amazon’s native apps such as Prime Video,” says Veridas CEO Eduardo Azanza in an email to Biometric Update. “Not only would Amazon improve the security of these apps but also customer experience.”
Thales and SoyYo expand partnership for passkeys
Other companies are also launching passkeys. Security provider Thales announced it is expanding its partnership with Colombia digital ID provider SoyYo to introduce FIDO2 passkeys for passwordless login.
Each of their passkeys consists of a pair of keys. One key is encrypted and stored on the local device, which maintains security in the event that a data breach occurs. Users go through an identity verification process and then are assigned a SoyYo passkey. Businesses with digital services can improve login success rates, strengthen security, and reduce operational costs by adopting such passkeys.
Over the last three years, SoyYo has used the IdCloud platform to onboard customers with document and identity verification. IdCloud is part of Thales’ OneWelcome identity platform which uses two types of passkeys. First, synced passkeys automatically synchronize within a device ecosystem for low assurance authentication, such as mobile apps. Second, device bound passkeys are uniquely bound to a device and can be used for high assurance authentication like transactions.
Additionally, WhatsApp announced on X, formerly known as Twitter, that it is implementing passkeys for Android. The feature has graduated from beta testing on Android, though no indication has been given about the timing of a passkeys launch for WhatsApp on iPhones.
Amazon | biometric authentication | biometrics | FIDO2 | passkeys | passwordless | Thales Digital Identity and Security | WhatsApp