Authsignal secures millions of passkey transactions out of our hosted Sydney region.

Authsignal secures millions of passkey transactions out of our hosted Sydney region.

Join us today!
Blog
/
Current article

What issuing and verifying millions of passkeys has taught us at Authsignal

Last Updated:
August 14, 2025
Ashutosh Bhadauriya
What issuing and verifying millions of passkeys has taught us at Authsignal
AWS Partner
Authsignal is an AWS-certified partner and has passed the Well-Architected Review Framework (WAFR) for its Cognito integration.
AWS Marketplace

Since late 2022, when Apple launched passkey support with iOS 16, Authsignal has been among the early champions helping enterprise customers embrace passkeys. As every new technology requires time to be widely adopted, we've had the privilege of guiding organizations through this transition. Today, with millions of passkey transactions under our belt and real-world deployment data from enterprises across financial services, healthcare, and hospitality worldwide, we can confidently say the passwordless future has arrived sooner than anyone expected.

At Authsignal, we've been at the forefront of this transformation, helping organizations transition from password-dependent authentication to secure, user-friendly passkeys. Our journey has yielded invaluable insights about user behavior, adoption patterns, and the practical realities of implementing passkeys at scale.

Passkeys are going mainstream

Our internal data from processing millions of authentication challenges gives some great insights. Based on a sample of one million transactions in 2025, passkeys now account for 62% of all authentication challenges, compared to just 33% for SMS and a smaller percentage for other methods like authenticator apps and email OTPs. Even more striking is the performance of passkey autofill, which makes up 65% of all authentication challenges, indicating that users prefer the seamless experience passkeys provide.

This mirrors broader industry trends. More than 1 billion people have activated at least one passkey according to the FIDO Alliance, with consumer awareness jumping from 39% to 57% in just two years. The FIDO Alliance reports that when consumers adopt at least one passkey, 1 out of 4 enables passkeys whenever possible.

Device readiness

One of the biggest misconceptions we encounter is that users aren't ready for passkeys. Over 95% of all iOS and Android devices are passkey-ready, with over 90% having passkey functionality enabled. The infrastructure is there, the devices support it, and users are increasingly comfortable with biometric authentication from unlocking their phones daily.

This high device readiness has been crucial to successful deployments. When organizations understand that the vast majority of their users can already use passkeys, it removes a major barrier to implementation. With Windows soon supporting synced passkeys, all major operating systems ensure users can securely and effortlessly access their credentials across devices.

Users embrace what they understand

Perhaps our most significant learning has been about user trust and adoption patterns. Contrary to popular belief, users readily adopt passkeys when presented correctly. Our data shows that the majority of customers opt in when offered passkeys, with some demographics showing particularly strong adoption rates.

One of our flagship enterprise customers, achieved over 30% of customers opting for passkeys upon prompt, with a 5-10% drop in calls to the customer service center after implementation. This wasn't just a technical win; it was proof that users appreciate both the security and convenience benefits passkeys offer.

The messaging matters tremendously. We've learned that emphasizing speed and convenience resonates far more than technical security details. Users understand "faster logins" and "no more passwords to remember" much better than cryptographic explanations.

Surprising insights about older demographics

One of our most interesting discoveries challenges common assumptions about age and technology adoption. While younger users are quick to adopt new technologies, we've found that older demographics are more receptive to passkeys than many expect, particularly when the benefits are clearly communicated.

Interestingly, while 54% and 61% of 18-24 and 25-34-year-olds respectively noticed scams getting smarter, only a third of 55-64-year-olds and 25% of 65+ said the same. This suggests that while older users may be less aware of emerging threats, they're also less resistant to security improvements when properly introduced.

The key is presentation and education. Older users often appreciate the elimination of complex password requirements and the familiar feel of using their fingerprint or face recognition, which they already use to unlock their devices.

The multi-platform imperative

Our experience has shown that the best opportunity for passkey success lies in ensuring rollout across both mobile and web platforms simultaneously. Users expect consistency in their authentication experience across devices, and offering passkeys on only one platform creates confusion and reduces adoption.

As one customer's team noted, Authsignal's out-of-the-box UI was "a significant advantage. It allowed us to implement security without needing extensive customization". This plug-and-play approach enabled rapid deployment across multiple touchpoints, including mobile apps, websites, and even call centers.

The integration approach matters significantly. Native platform APIs create trust and familiarity, while third-party solutions often feel foreign to users. We've invested heavily in ensuring our passkey implementations feel native to each platform while maintaining security standards.

Real-world impact

The business impact of passkey implementations extends far beyond just authentication. Organizations report substantial operational benefits:

  • Reduced support costs: Help desk password reset calls dropped by 1,300 in a month for organizations with 100k devices enrolled in passkeys
  • Improved conversion rates: Two-thirds of new KAYAK sign-ups choose passkeys, reducing sign-up and sign-in time by 50%
  • Faster authentication: Microsoft found that signing in with a passkey is three times faster than using a traditional password and eight times faster than a password and traditional multifactor authentication

These aren't just technical metrics; they represent real improvements in user experience and business outcomes.

What we've learned

After millions of transactions and dozens of enterprise deployments, several key lessons have emerged:

Timing is everything: The best adoption rates occur when passkeys are offered immediately after a strong authentication event, like completing an OTP challenge. Users are already in a security mindset and more receptive to upgrading their authentication method.

Start with high-value users: Rather than rolling out to everyone at once, prioritizing users with access to sensitive data or frequent authentication needs creates champions who appreciate the benefits most.

Education accelerates adoption: Simple, clear communication about benefits drives adoption. Focus on user benefits rather than technical features.

Gradual rollout works best: Phased implementations allow for feedback incorporation and reduce support burden while building confidence in the technology.

Want to see passkeys in action? You can experience a real-world passkey implementation by signing up for an Air New Zealand account or downloading their mobile app to try the passkey uplift flow yourself.

The regulatory tailwind

Regulatory developments are accelerating passkey adoption globally. The US National Institute of Standards and Technology (NIST) has updated its guidelines for 2025, mandating phishing-resistant multi-factor authentication (including standards like WebAuthn and FIDO2) for all federal agencies.

Australia and New Zealand have been particularly progressive, with major enterprises and government platforms implementing passkeys, making passkeys available to close to 30 million people across the region.

The passwordless future

Passkeys are no longer an emerging technology but a mature, user-ready solution. By 2027, some experts predict that passkeys will become the dominant form of online authentication, surpassing both traditional passwords and conventional multi-factor authentication methods.

For organizations still evaluating passkeys, the question isn't whether to implement them, but how quickly they can get started. The infrastructure is ready, users are willing, and the business benefits are proven.

At Authsignal, we're proud to have been part of this transformation from the beginning. From our early enterprise deployments to securing millions of transactions today, we've seen firsthand how passkeys can transform both security and user experience.

The passwordless future isn't coming, it's here. And the organizations that embrace it now will lead their industries in both security and user satisfaction.

Join the passwordless revolution

If you're interested in learning more about how passkeys can transform your authentication experience, watch our video featuring world-leading airline's implementation journey or explore our comprehensive guide to implementing passkeys in your organization.

The future of authentication is passwordless, and it's available today.

Try out our passkey demo
Passkey Demo
Have a question?
Talk to an expert
Related Resources
No items found.
NewsletterDemo PasskeysView docs
Passkeys
Authsignal
Passwordless authentication
Analysis
You might also like
Webinar July 2025 - Building high-trust in the age of AI-powered fraud
August 13, 2025
Discover how to build high-trust authentication in the age of AI-powered fraud. Learn why traditional MFA is failing, and how phishing-resistant passkeys and high-assurance biometrics can protect against deepfakes, session hijacking, and evolving cyber threats.
AI
Fraud awareness
Biometric authentication
What happens when your passkey device is lost? Understanding recovery and device sync
July 25, 2025
Losing a device with your passkeys isn’t as catastrophic as many fear. Thanks to cloud sync, cross-device authentication, and advanced recovery methods, your access and security remain intact. Learn how Apple, Google, and others handle device loss, and the best practices to keep users safe in a passwordless world.
Passkeys
Synced passkeys
Passkey recovery
Passkeys implementation
How modern authentication is fixing call center security and customer experience
July 18, 2025
Discover how modern authentication is transforming call center security and customer experience. Learn about passkeys, biometrics, and phishing-resistant solutions that reduce call times while preventing fraud.
Call center authentication
Passkeys
Biometric authentication

Secure your customers’ accounts today with Authsignal

Passkey demoCreate free account

Authsignal is multi-factor authentication (passwordless authentication) as a service. Focused on powering mid-market and enterprise businesses to rapidly deploy optimized good customer flows that enable a flexible and risk-based approach to authentication.

AICPA SOCFido Certified
LinkedInTwitter
Passwordless / multi-factor authentication (MFA)
Pre-built UI (low code)UI components (customizable)Custom UI (flexible)
Why Authsignal?
Drop-in authentication
PasskeysBiometric authenticationWhatsApp OTPSMS OTPEmail OTPMagic linksAuthenticator apps (TOTP)Push authenticationPalm biometrics
Rules and policies engine
User observability
Industries
Financial services
Marketplace
e-Commerce
FinTech
Crypto
View all industries
Teams
Engineers
Use cases
Account takeovers (ATO)
Go passwordless
Call center
SMS cost optimization
Existing apps
View all use cases
Identity providers (IDPs)
Amazon Cognito
Auth0
Azure AD B2C
Duende IdentityServer
Keycloak
NextAuth.js
Integrations
C#
Java
Node.js
Open ID Connect (OIDC)
PHP
Python
React
Ruby
Ruby on Rails
Compare
Twilio Verify vs AuthsignalAuth0 vs AuthsignalAWS Cognito vs Authsignal + AWS Cognito
Resources
BlogDeveloper docsFree Figma mobile passkeys templateFree Figma desktop passkeys templateFree Figma webapp passkeys templatePress releasesAboutContact
What is
Passwordless Authentication
What is MFA (Multi-Factor Authentication)?
United States
+1 214 974-4877
Ireland
+353 12 676529
Australia
+61 387 715 810
New Zealand
+64 275 491 983
© 2024 Authsignal - All Rights Reserved
Terms of servicePrivacy policySecuritySystem statusCookies