Passkeys: A Trifecta of Benefits for Easier and Safer Online Shopping

Efficient and secure online retail experiences are more crucial than ever. Retailers face the challenge of not only attracting customers but also ensuring their online journey is seamless and secure. Online shoppers have more options at their fingertips than ever and have little tolerance for user experiences they consider clumsy, slow or just plain inconvenient. Passwords are at the heart of the issue and account for 30% of all abandoned online purchases.

Proper security is imperative to any business’s bottom line and the integrity of its brand, but how can that be achieved without increasing the burden on the end consumer? Enter passkeys.

The Trifecta for Retailers: Security, Revenue and User Experience

Passkeys are the perfect triple play for retailers: they offer enhanced security, improved user experience, and they help maximize revenue.

Enhanced Account Security

Passkeys follow WebAuthn API security standards developed by the FIDO Alliance, the leading industry association with a mission to help reduce the world’s over-reliance on passwords. (1Password is an active member of the Alliance.)

Every passkey has two parts: a public key that’s shared with the website or app that the user is trying to access, and a private key that never leaves the user’s device. Because the keys are randomly generated and never shared during the sign-in process, it’s nearly impossible for hackers to guess or intercept them, or to reverse-engineer one key from the other.

On top of that, passkeys are domain-specific. A unique key pair is created for every website, service and app that the consumer needs to access, and is tied to a specific site or application. This eliminates a major phishing avenue, as users can’t “accidentally” enter a passkey credential into a lookalike domain. As a result, passkeys essentially render phishing attacks obsolete by removing the “reward” that hackers are after: user credentials.
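The domain binding described above is something the retailer's server also checks on every sign-in. The following is an added example, not code from this article or from 1Password: it builds constructed WebAuthn assertion data and runs the relying-party checks on origin, RP ID hash and challenge. The names `shop.example`, `shop-example.test`, `sample_assertion` and `binding_errors` are hypothetical, and verifying the signature against the stored public key is assumed to be handled separately by a cryptography library.

```python
import base64
import hashlib
import json
import struct

RP_ID = "shop.example"            # constructed relying-party ID (assumption)
ORIGIN = "https://shop.example"   # constructed expected origin (assumption)

def b64url(raw: bytes) -> str:
    """Unpadded base64url, the encoding WebAuthn uses for the challenge."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sample_assertion(origin: str, rp_id: str, challenge: bytes):
    """Constructed clientDataJSON and authenticatorData for a sign-in on `origin`."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": origin}).encode()
    flags = 0x01 | 0x04  # user present + user verified
    # authenticatorData: SHA-256(rpId) | flags (1 byte) | signCount (4 bytes, big-endian)
    auth_data = hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, 7)
    return client_data, auth_data

def binding_errors(client_data: bytes, auth_data: bytes, challenge: bytes) -> list:
    """Return the names of the binding checks that fail (empty list: all pass)."""
    errors = []
    data = json.loads(client_data)
    if data.get("type") != "webauthn.get":
        errors.append("type")
    if data.get("challenge") != b64url(challenge):   # must match what the server issued
        errors.append("challenge")
    if data.get("origin") != ORIGIN:                 # origin is filled in by the browser
        errors.append("origin")
    if len(auth_data) < 37:
        return errors + ["authenticator_data_length"]
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        errors.append("rp_id_hash")                  # credential scoped to another domain
    if not auth_data[32] & 0x01:
        errors.append("user_present")
    return errors

if __name__ == "__main__":
    ch = b"constructed-challenge-0001"
    print(binding_errors(*sample_assertion(ORIGIN, RP_ID, ch), ch))
    print(binding_errors(*sample_assertion("https://shop-example.test",
                                           "shop-example.test", ch), ch))
```

An assertion produced on the lookalike origin fails both the origin and RP ID hash checks, so it is rejected even when the challenge is fresh.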

Passkeys also relieve retailers from the responsibility of storing sensitive passwords. A favorite tactic among hackers is to target retailers with credential-based attacks. Passkeys make these attacks moot and give CISOs one less thing to worry about.

Improved User Experience

Research indicates that consumers may abandon their carts if there’s friction throughout the buying process. Passwords are a culprit in this regard, leaving 70% of customers feeling frustrated. On the other hand, passkeys streamline the login process and have been found to be 2X faster to use than passwords.

Passkeys are a highly secure form of passwordless authentication that is typically unlocked using methods consumers already use to unlock their devices, like Face ID, Android fingerprint or Windows Hello. By utilizing an authentication experience that consumers are already familiar with, passkeys counteract what would typically be a clunky checkout process.

Passkeys also remove human error from the equation — there’s nothing to generate, memorize, or worse, write down on a sticky note. Ecommerce customers may only visit a store once or twice a year, but even if they do remember their passwords, there will always be the agony of having to reset one’s login details. The good news is that passkeys eliminate this problem.

Many sites also require frequent password updates due to security standards or policies they abide by. Passkeys eliminate this once-necessary but unwelcome friction, leading to an improved user experience, deeper customer loyalty and higher conversion rates.

Maximized Revenue and Reduced Expenses

It’s a simple equation — users who can’t log in, can’t check out. Abandoned carts cost retailers as much as $136 billion in revenue annually. Conversely, consumers may buy more if the checkout experience requires minimal effort. Passkeys are 4X more likely to lead to a successful login, creating a sleek, frictionless user experience to keep customers from leaving a site for another one that offers a faster and more straightforward experience.

Passkeys can also significantly reduce security operation and implementation costs, particularly for companies that utilize SMS texts for secure two-factor authentication (2FA). The estimated cost to implement, operate and maintain these systems is roughly six cents per text in the U.S. (and significantly more in many other countries), and passkey systems eliminate these expenses from the authentication process and improve the bottom line.

Tech and Retail Leading the Way in Passkey Adoption

Last year, technology leaders like Apple, Microsoft and Google announced plans to move toward passwordless authentication, representing a cohort of early adopters that see the security and convenience benefits that passkeys can offer. Apple rolled out passkey support via the iCloud Keychain in macOS Ventura and iOS 15 in June 2022, and Google announced support for passkeys on Chrome and Android in May 2023.

But for passkeys to become mainstream and the technology to take off, we need to cross the chasm to the early majority in the market, and this is where the ecommerce sector is setting the pace in 2024.

Leading ecommerce vendors have taken varied approaches to implementation to improve adoption among their core customers. Best Buy has taken a conservative approach to implementing passkeys, opting to keep the familiar account registration process with a username and password while allowing more users to add a passkey in their account settings.

Home Depot has a similar initial registration process where users must register an account with a password first. However, they continue to prompt users on subsequent visits to implement a passwordless login. This subtle nudge can be an effective tactic for transitioning users to passwordless logins over time.

Kayak is taking a more assertive approach to its login flow, offering a fully passwordless experience from the account registration process. It’s easy to see how this more straightforward implementation may be better received with its digitally native business model.

What ecommerce vendors can learn from this is that it’s critical to understand their audience’s aptitude and appetite for change, and implement the rollout in a way that is best-suited for their market.

The Future of Passkeys

It’s in retailers’ best interest to remove friction from the purchasing process, and simplifying logins and registration is a great place to start. Passkeys improve security and ease of use by eliminating the most likely point of failure — human error. By relying on a user’s physical device and biometrics rather than their memory or ability to type, retailers can offer a sleeker, more efficient experience that will help them improve their bottom line and drive consumer loyalty.

Anna Pobletts is the Head of Passwordless at 1Password. In her role, she oversees the company’s passwordless solutions, with a focus on bringing passkeys to enterprises and consumers around the world. Previously, Pobletts was the Co-founder and CTO of Passage Identity, a developer-first passwordless authentication company, which was acquired by 1Password in November 2022. Pobletts is passionate about security and creating a safer, human-centric online experience. For over a decade, her work has been focused on identity, cryptography and application security.