What issuing and verifying millions of passkeys has taught us at Authsignal

Since late 2022, when Apple launched passkey support with iOS 16, Authsignal has been among the early champions helping enterprise customers embrace passkeys. As every new technology requires time to be widely adopted, we've had the privilege of guiding organizations through this transition. Today, with millions of passkey transactions under our belt and real-world deployment data from enterprises across financial services, healthcare, and hospitality worldwide, we can confidently say the passwordless future has arrived sooner than anyone expected.

At Authsignal, we've been at the forefront of this transformation, helping organizations transition from password-dependent authentication to secure, user-friendly passkeys. Our journey has yielded invaluable insights about user behavior, adoption patterns, and the practical realities of implementing passkeys at scale.

‍

Passkeys are going mainstream

Our internal data from processing millions of authentication challenges gives some great insights. Based on a sample of one million transactions in 2025, passkeys now account for 62% of all authentication challenges, compared to just 33% for SMS and a smaller percentage for other methods like authenticator apps and email OTPs. Even more striking is the performance of passkey autofill, which makes up 65% of all authentication challenges, indicating that users prefer the seamless experience passkeys provide.

This mirrors broader industry trends. More than 1 billion people have activated at least one passkey according to the FIDO Alliance, with consumer awareness jumping from 39% to 57% in just two years. The FIDO Alliance reports that when consumers adopt at least one passkey, 1 out of 4 enables passkeys whenever possible.

‍

Device readiness

One of the biggest misconceptions we encounter is that users aren't ready for passkeys. Over 95% of all iOS and Android devices are passkey-ready, with over 90% having passkey functionality enabled. The infrastructure is there, the devices support it, and users are increasingly comfortable with biometric authentication from unlocking their phones daily.

This high device readiness has been crucial to successful deployments. When organizations understand that the vast majority of their users can already use passkeys, it removes a major barrier to implementation. With Windows soon supporting synced passkeys, all major operating systems ensure users can securely and effortlessly access their credentials across devices.

‍

Users embrace what they understand

Perhaps our most significant learning has been about user trust and adoption patterns. Contrary to popular belief, users readily adopt passkeys when presented correctly. Our data shows that the majority of customers opt in when offered passkeys, with some demographics showing particularly strong adoption rates.

One of our flagship enterprise customers, achieved over 30% of customers opting for passkeys upon prompt, with a 5-10% drop in calls to the customer service center after implementation. This wasn't just a technical win; it was proof that users appreciate both the security and convenience benefits passkeys offer.

The messaging matters tremendously. We've learned that emphasizing speed and convenience resonates far more than technical security details. Users understand "faster logins" and "no more passwords to remember" much better than cryptographic explanations.

‍

Surprising insights about older demographics

One of our most interesting discoveries challenges common assumptions about age and technology adoption. While younger users are quick to adopt new technologies, we've found that older demographics are more receptive to passkeys than many expect, particularly when the benefits are clearly communicated.

Interestingly, while 54% and 61% of 18-24 and 25-34-year-olds respectively noticed scams getting smarter, only a third of 55-64-year-olds and 25% of 65+ said the same. This suggests that while older users may be less aware of emerging threats, they're also less resistant to security improvements when properly introduced.

The key is presentation and education. Older users often appreciate the elimination of complex password requirements and the familiar feel of using their fingerprint or face recognition, which they already use to unlock their devices.

‍

The multi-platform imperative

Our experience has shown that the best opportunity for passkey success lies in ensuring rollout across both mobile and web platforms simultaneously. Users expect consistency in their authentication experience across devices, and offering passkeys on only one platform creates confusion and reduces adoption.

As one customer's team noted, Authsignal's out-of-the-box UI was "a significant advantage. It allowed us to implement security without needing extensive customization". This plug-and-play approach enabled rapid deployment across multiple touchpoints, including mobile apps, websites, and even call centers.

The integration approach matters significantly. Native platform APIs create trust and familiarity, while third-party solutions often feel foreign to users. We've invested heavily in ensuring our passkey implementations feel native to each platform while maintaining security standards.

‍

Real-world impact

The business impact of passkey implementations extends far beyond just authentication. Organizations report substantial operational benefits:

• Reduced support costs: Help desk password reset calls dropped by 1,300 in a month for organizations with 100k devices enrolled in passkeys
• Improved conversion rates: Two-thirds of new KAYAK sign-ups choose passkeys, reducing sign-up and sign-in time by 50%
• Faster authentication: Microsoft found that signing in with a passkey is three times faster than using a traditional password and eight times faster than a password and traditional multifactor authentication

These aren't just technical metrics; they represent real improvements in user experience and business outcomes.

‍

What we've learned

After millions of transactions and dozens of enterprise deployments, several key lessons have emerged:

Timing is everything: The best adoption rates occur when passkeys are offered immediately after a strong authentication event, like completing an OTP challenge. Users are already in a security mindset and more receptive to upgrading their authentication method.

Start with high-value users: Rather than rolling out to everyone at once, prioritizing users with access to sensitive data or frequent authentication needs creates champions who appreciate the benefits most.

Education accelerates adoption: Simple, clear communication about benefits drives adoption. Focus on user benefits rather than technical features.

Gradual rollout works best: Phased implementations allow for feedback incorporation and reduce support burden while building confidence in the technology.

Want to see passkeys in action? You can experience a real-world passkey implementation by signing up for an Air New Zealand account or downloading their mobile app to try the passkey uplift flow yourself.

‍

The regulatory tailwind

Regulatory developments are accelerating passkey adoption globally. The US National Institute of Standards and Technology (NIST) has updated its guidelines for 2025, mandating phishing-resistant multi-factor authentication (including standards like WebAuthn and FIDO2) for all federal agencies.

Australia and New Zealand have been particularly progressive, with major enterprises and government platforms implementing passkeys, making passkeys available to close to 30 million people across the region.

‍

The passwordless future

Passkeys are no longer an emerging technology but a mature, user-ready solution. By 2027, some experts predict that passkeys will become the dominant form of online authentication, surpassing both traditional passwords and conventional multi-factor authentication methods.

For organizations still evaluating passkeys, the question isn't whether to implement them, but how quickly they can get started. The infrastructure is ready, users are willing, and the business benefits are proven.

At Authsignal, we're proud to have been part of this transformation from the beginning. From our early enterprise deployments to securing millions of transactions today, we've seen firsthand how passkeys can transform both security and user experience.

The passwordless future isn't coming, it's here. And the organizations that embrace it now will lead their industries in both security and user satisfaction.

‍

Join the passwordless revolution

If you're interested in learning more about how passkeys can transform your authentication experience, watch our video featuring world-leading airline's implementation journey or explore our comprehensive guide to implementing passkeys in your organization.

The future of authentication is passwordless, and it's available today.