Passwords have been the default credential for decades, yet they are increasingly untenable in a world of ubiquitous data breaches and sophisticated cyber‑attacks. Compromised credentials remain the leading cause of security incidents—Verizon’s 2024 Data Breach Investigations Report found that more than 80 % of breaches involve credential compromise [6]. Traditional multifactor authentication (MFA) reduces risk but still relies on passwords that can be phished or reused. As cyber‑threats and regulatory requirements intensify, organisations are moving towards a passwordless future that promises stronger security and a smoother user experience.
The rise of passkeys
In 2025, the most significant development in authentication is the adoption of passkeys, an implementation of the FIDO2/WebAuthn standard. Instead of memorising passwords, users authenticate with cryptographic key pairs stored on their devices; the private key never leaves the device while the public key is registered with the service. Passkeys work with familiar mechanisms such as Face ID, Touch ID, Windows Hello or hardware security keys. Because each passkey is bound to a specific site, it cannot be replayed on a phishing site [3].
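The site binding described above is enforced twice: the browser only offers a passkey to the site it was created for, and the service re-checks the response. The following is an added example (not from the original article or from any FIDO library) of those server-side checks in Node.js; the relying party `example.com`, the second site `other.example`, the function names and the simulated authenticator are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();
// Hypothetical relying party; the RP ID and origin are assumptions for this example.
const RP = { rpId: 'example.com', origin: 'https://example.com' };

// Returns 'ok' or the reason the assertion is rejected.
function verifyAssertion({ clientDataJSON, authenticatorData, signature }, publicKey, expectedChallenge) {
  const client = JSON.parse(clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'wrong type';
  if (client.challenge !== expectedChallenge) return 'challenge mismatch';
  // The browser, not the page script, writes the origin into clientDataJSON.
  if (client.origin !== RP.origin) return 'origin mismatch';
  // Bytes 0..31 of authenticatorData are SHA-256 of the RP ID the key is scoped to.
  if (!authenticatorData.subarray(0, 32).equals(sha256(RP.rpId))) return 'rpIdHash mismatch';
  if ((authenticatorData[32] & 0x01) === 0) return 'user not present';
  // The signature covers authenticatorData || SHA-256(clientDataJSON).
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, signature) ? 'ok' : 'bad signature';
}

// Constructed fixture: stands in for an authenticator holding a P-256 private key.
function simulateAssertion(privateKey, rpId, origin, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({ type: 'webauthn.get', challenge, origin }));
  // rpIdHash, then flags byte 0x05 (user present + user verified), then signCount = 1.
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([0x05, 0, 0, 0, 1])]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: crypto.sign('sha256', signed, privateKey) };
}

const newChallenge = () => crypto.randomBytes(32).toString('base64url');

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const challenge = newChallenge();
  const genuine = simulateAssertion(privateKey, RP.rpId, RP.origin, challenge);
  // A response produced while the user was on a different site carries that site's origin.
  const otherSite = simulateAssertion(privateKey, 'other.example', 'https://other.example', challenge);
  return {
    genuine: verifyAssertion(genuine, publicKey, challenge),
    otherSite: verifyAssertion(otherSite, publicKey, challenge),
    // The same valid response presented against a later challenge is a replay.
    replayed: verifyAssertion(genuine, publicKey, newChallenge()),
  };
}

console.log(demo());
```

A production service would also track the signature counter and use a maintained WebAuthn library rather than hand-rolled checks.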
Adoption metrics illustrate how quickly passkeys have moved from concept to mainstream. According to the FIDO Alliance, more than one billion people have activated at least one passkey and over 15 billion online accounts support passkey authentication. Consumer awareness has grown from 39 % to 57 % in just two years, reflecting growing familiarity with the technology. Andrew Shikiar, executive director of the FIDO Alliance, predicts that by the end of 2025 one in four of the world’s top 1,000 websites will offer passkey login options [2]. These figures underscore an inflection point: passkeys are becoming a de‑facto login method rather than an experimental feature.
Technical readiness is also high. Data from Corbado’s State of Passkeys tracker show that 75.44 % of devices were passkey‑ready as of 26 July 2025 [5], meaning they support platform authenticator features such as Face ID or Windows Hello. Such broad device support makes deployment practical across desktops, laptops and smartphones.
Market growth and business drivers
The economic opportunity around passwordless authentication is substantial. Market research from Straits Research projects that the global passwordless authentication market will grow from USD 18.36 billion in 2024 to USD 21.81 billion in 2025, reaching USD 86.35 billion by 2033 [1]. The report attributes this growth to escalating cyber‑threats, the adoption of remote work and the need to protect sensitive data. Credential theft and ransomware incidents have driven organisations to seek phishing‑resistant alternatives; the FIDO standard eliminates common attack vectors such as password reuse and credential stuffing.
Cost savings and user experience improvements are driving adoption. Amazon reported that after making passkeys available to all users, 175 million passkeys were created and sign‑in success rates improved by 30 %. Google says that 800 million Google accounts use passkeys and there have been 2.5 billion passkey sign‑ins over the past two years. Microsoft notes that passkey logins are three times faster than passwords and eight times faster than password‑plus‑MFA combinations [4]. These examples demonstrate how passwordless methods reduce user friction while improving security.
Industry‑specific results are compelling. CVS Health saw a 98 % reduction in account takeover fraud after implementing passkeys. The State of Michigan’s MiLogin system reduced support calls by 1,300 after switching to passkeys. Such outcomes translate directly into lower help‑desk costs and higher user satisfaction. A Ponemon Institute study noted that businesses adopting passwordless authentication saved almost USD 2 million compared with organisations that continued using traditional passwords and MFA.
Sector adoption
Passwordless adoption is widespread across sectors. Finance, healthcare and retail are leading the way because they store sensitive data and face strict regulations. JumpCloud’s 2025 report notes that 68 % of healthcare organisations plan to implement passwordless security by 2025 and that the finance sector held the largest market share for passwordless authentication in 2023 [8]. E‑commerce giants such as Amazon, Walmart, Best Buy, Target and eBay now offer passkeys, and major banks including American Express, Bank of America and Wells Fargo have begun rolling out passkey support [3]. The public sector is not far behind; Australia’s MyGov service and Michigan’s MiLogin highlight government adoption.
The FIDO Alliance’s press updates show strong momentum in Japan. In 2024, Tokyu Corporation reported that 45 % of its users have passkeys, while Yahoo! Japan ID has 27 million active passkey users, with 50 % of smartphone authentication using passkeys [4]. This underscores global interest in passwordless authentication beyond North America and Europe.
The role of AI and behavioural authentication
Although passkeys address phishing and credential stuffing, AI‑augmented identity and access management (IAM) introduces new layers of security. The rise of artificial intelligence in authentication is driven by the same threat landscape that exposed passwords’ weaknesses. Gartner research cited by Avatier predicts that organisations using AI in their identity management processes will reduce identity‑related security breaches by 45 %. By analysing behavioural patterns (e.g., typing cadence, mouse movements and usage context), AI systems enable continuous authentication and can flag anomalies without interrupting legitimate users [6].
AI also supports predictive access management. Rather than relying solely on static roles, AI systems anticipate access needs based on role changes or project assignments, automatically recommending or revoking permissions. Okta’s 2024 report found that organisations implementing intelligent access provisioning reduced employee onboarding time by 85 % while improving security compliance. AI‑powered platforms can integrate threat intelligence to adjust authentication requirements based on location or risk factors and perform autonomous remediation, automatically applying step‑up authentication or isolating compromised accounts when suspicious activity is detected. According to SailPoint’s 2024 Identity Security Report, such capabilities allow organisations to respond to identity threats 96 % faster than those relying on manual processes [6].
Biometric encryption and emerging trends
Beyond passkeys and AI‑augmented IAM, other innovations are shaping the authentication landscape. Biometric encryption is a growing trend whereby unique biometric identifiers (fingerprint, facial recognition, iris) are converted into encrypted keys. This approach offers enhanced security by ensuring the biometric data itself is not stored in plaintext; it reduces the risk of identity theft and unauthorised access. As deepfake technologies improve, businesses must also invest in deepfake detection to preserve trust [7].
Organisations are increasingly preparing for AI‑powered cyber‑attacks, which use machine‑learning techniques to adapt and bypass traditional defences. To counter these threats, companies are integrating AI‑driven defences capable of real‑time anomaly detection and threat hunting. Additionally, secure remote work remains a priority; robust multifactor authentication and encryption are critical for protecting distributed workforces [7].
Challenges and considerations
Despite the promising outlook, organisations must address several challenges when moving to a passwordless future:
- Device interoperability and portability – There are two types of passkeys: device‑bound passkeys (stored on a single device) and synced passkeys (synchronised across devices via cloud services). While device‑bound passkeys offer stronger security, they can lead to account lockout if a device is lost. Synced passkeys improve usability but require trust in cloud ecosystems. Effective recovery mechanisms and guidelines are essential.
- User education and adoption – Passkeys require users to understand new authentication flows (Face ID/Touch ID instead of typing a password). Early research indicates that terms like “passkey” are unfamiliar to many users, but describing them as “face, fingerprint or PIN” improves adoption. Organisations should provide clear onboarding materials and proactively encourage passkey enrolment.
- Regulatory compliance and privacy – Passwordless authentication must meet data‑protection laws such as GDPR and CCPA. Biometric data and behavioural analytics raise privacy concerns, so security teams must ensure encryption, minimal data retention and transparent consent processes.
- Standardisation and integration – While FIDO2 is widely supported, legacy systems may need updates to support passkeys. Ongoing work by standards bodies aims to standardise externalised authorisation and event sharing. Organisations may also need to integrate passwordless methods with existing identity providers and single sign‑on platforms.
- Residual password exposure – As long as accounts support both passwords and passkeys, they remain vulnerable to credential compromise. Microsoft emphasises that the ultimate goal is to remove passwords completely and rely solely on phishing‑resistant credentials. Transition plans should include retiring password support once passkey adoption reaches critical mass.
Conclusion
The authentication and security sector is undergoing a fundamental shift in 2025. The rise of passkeys and passwordless authentication addresses long‑standing vulnerabilities inherent in passwords, offering a secure and user‑friendly alternative. With billions of passkey‑enabled accounts, widespread device readiness and predictions that 25 % of top websites will support passkeys by year‑end [2], the momentum is undeniable. Market projections show that passwordless solutions will be a multi‑billion‑dollar industry by 2033 [1], and real‑world deployments—from Amazon and Google to governments—demonstrate tangible benefits like reduced fraud, faster logins and lower support costs [4].
At the same time, AI‑augmented identity management, biometric encryption and continuous behavioural authentication are emerging as complementary technologies that will further strengthen digital identities. Organisations must plan for a transition that addresses technical, educational and regulatory challenges, but the benefits are clear: a passwordless future promises greater security, improved user experiences and operational efficiencies. In a landscape where credential‑based attacks dominate, killing the password is no longer a hypothetical goal—it is a strategic imperative for 2025 and beyond.
References
[1] Straits Research. Passwordless Authentication Market Projected to Exceed USD 21.81 Billion by 2025. 2025.
[2] FIDO Alliance. More than one billion passkey users and 15 billion accounts enabled.
[3] iFeeltech. Passkeys 2025: Secure Authentication Without Passwords.
[4] Biometric Update. Passkeys build momentum, enabling access to 15 billion online accounts.
[5] Corbado. State of Passkeys (July 2025).
[6] Avatier. Trends to Watch: The Rise of AI‑Augmented IAM in 2025.
[7] Splashtop. Top 12 Cyber Security Trends and Predictions for 2025.
[8] JumpCloud. Passwordless Authentication Adoption Trends in 2025.