How passkeys are changing authentication in large organizations

Current state of passkey deployments in large organizations: benefits, challenges and results

Why are passkeys the future of authentication?

Passkeys is a modern authentication standard that is rapidly gaining popularity among large organizations. Using public key cryptography and complying with FIDO standards, passkeys offer security, resistance to phishing and simplify the login process for users. Unlike traditional passwords or one-time passcodes, passkeys eliminate the risk of credential theft and significantly reduce costs associated with user support.

More and more companies in various industries are introducing passkeys as an authentication standard. Below we have collected examples of organizations that have successfully implemented this solution.

---

Results of passkey deployments in large organizations

Aflac: rapid adoption in the insurance industry

It is one of the largest insurance companies in the US, with about 5,000 employees and millions of customers. In terms of cyber security, the insurance sector is often the target of hacking attacks, making the implementation of passkeys a key part of its strategy to protect customers and reduce the risk of fraud.

Results:

• 32% adoption among users within a few days, far exceeding the 10% target.
• 96% login success rate, which reduced the number of reports related to login problems.
• No crashes or failed login attempts after deployment.

PayPal: Scaling security at global payments leader

It serves more than 400 million users worldwide and is one of the largest players in the fintech industry. Cyber security is a key aspect of PayPal’s business, especially in the context of fighting phishing and account takeover scams. The implementation of passkeys is a step toward even more effective transaction protection.

Results:

• A 70% reduction in account takeovers, which significantly reduced fraud losses.
• 10% higher login efficiency, which translated into greater user convenience and reduced support department interventions.

TikTok: Seamless login for millions of users

It’s a global social networking platform with more than 1.6 billion users. TikTok’s cyber-security is crucial, especially in terms of protecting personal data and authenticating users at scale. Reducing the use of SMS one-time codes reduces operational costs and the risk of SIM-swapping attacks.

Results:

• 97% login success rate, which surpassed traditional MFA methods.
• 14% of global adoption, a significant achievement with the introduction of the new authentication standard.
• Reducing the use of SMS one-time codes by 2%, which significantly reduced costs for such a large scale of operations.

UBank: Meeting customer expectations in the banking sector.

Australian digital bank serving hundreds of thousands of customers. Digital banks are particularly vulnerable to identity takeover fraud, so deploying passkeys helps protect customers from phishing and login data attacks.

Results:

• Effective integration with users’ devices for seamless and convenient login.
• Protecting customers from impersonation scams, especially relevant in the context of the $2.7 billion in fraud losses in Australia in 2023.

---

Challenges of passkey implementation

The implementation of passkeys in large organizations brings with it a number of challenges that need to be addressed in order to make the process run smoothly and ensure user satisfaction.

1. cross-platform compatibility

One of the main challenges is the lack of full interoperability between ecosystems such as Apple, Google and Microsoft. Users may encounter difficulties when trying to access accounts on different devices or operating systems. For example, someone moving from an iPhone to an Android device may have trouble transferring their passkeys. The solution to this problem is to improve synchronization between ecosystems, which requires close cooperation between technology providers.

2 Compliance with laws and regulations

Data protection regulations, such as the RODO or CCPA, require organizations to ensure the security of user data, regardless of location. In some countries, there are restrictions on data storage, which can affect the authentication process. The solution is user ID mapping technology, which allows authentication methods to be adapted to regional regulatory requirements. For example, data storage regulations in different geographic regions can impede access for users traveling between countries. User ID mapping technology allows authentication processes to be tailored to regional requirements.

3. user education and adoption

Convincing users to use passkeys instead of traditional methods such as passwords or SMS one-time codes is a significant challenge. Users often prefer familiar solutions, even if they are less secure, and lack of knowledge about the advantages of passkeys can cause resistance to change. An example of an effective approach is to study user demographics and tailor educational messages to their needs, with positive results. Simplified registration processes and intuitive interfaces, as with some apps, help increase adoption.

4. solving edge cases

Managing scenarios such as handling multiple accounts or frequent switching between devices can be a challenge when implementing passkeys. To overcome this, it’s worth implementing dedicated login processes for more complex scenarios and testing edge cases regularly to avoid problems on the user side.

In conclusion, while there are some challenges to implementing passkeys in large organizations, the right approach and cooperation with technology providers can ensure a smooth and secure transition to this modern authentication method.

---

Why act now?

Passkeys are quickly becoming the standard for authentication in large organizations. Thanks to their advantages – such as eliminating phishing risks, reducing costs and improving the user experience – their implementation is virtually inevitable. Companies that delay too long risk falling behind, both in terms of security and customer expectations.

---

How can Secfense help?

Secfense makes it easy to deploy passkeys in large organizations without having to modify existing infrastructure. Our User Access Security Broker technology allows companies to move to passwordless authentication in a seamless and regulatory-compliant manner.

• Security and compliance – Our solution supports the FIDO2 standard and ensures compliance with regulations such as DORA, NIS2 and RODO, eliminating the risks associated with phishing and user account takeover.
• Easy integration – Secfense allows organizations to introduce passkeys without changes to application code and without interfering with existing authentication systems.
• Reduced operational costs – By eliminating passwords, companies reduce the number of calls to IT support related to password resets and login problems.

---

Summary: Passkeys are the future of authentication

Examples from companies such as Aflac, PayPal, TikTok and UBank show that implementing passkeys is not only an improvement in security, but also a tangible operational and financial benefit. Companies that already invest in passwordless authentication gain a competitive advantage and increase user trust.

Want to learn how to implement passkeys in your organization?

• Contact Secfense and see how we can help you migrate to passwordless authentication.
• Watch our webinar, for details on how to implement passkeys in companies.

Sources:

• Secure Payments with Passkeys Is Now Available on PayPal for Google Android Devices | PayPal
• TikTok Passkeys for Login: The more secure way to log into your TikTok account | Tiktok
• Ubank introduces simple and secure app log in with passkeys | Ubank
• Aflac’s shift to passkeys brings big business benefits | CSO