New website names and shames companies that still don’t offer passkeys to users

**A recent analysis reveals a significant cybersecurity gap: nearly a quarter of the world’s most popular websites still do not support passkeys, despite their recognized superiority in secure authentication.** This oversight leaves millions of users vulnerable to common login threats and raises questions about corporate commitment to user security, particularly as a new watchdog site begins to publicly highlight these shortcomings.

## The State of Passkeys: New Site Exposes Major Security Gaps Among Top Websites

In an era increasingly plagued by data breaches and sophisticated phishing attacks, the call for more robust online security has never been louder. Passkeys, heralded as the most secure and user-friendly method for logging into digital services, represent a significant leap forward. However, a newly launched website has brought to light a concerning reality: a substantial 24% of the most popular websites globally have yet to adopt this crucial security measure. This initiative effectively “names and shames” companies lagging behind, pushing for greater accountability in safeguarding user data.

### The Passkey Imperative: Why This Matters

The technology community widely agrees that passkeys offer a superior alternative to traditional passwords. Their absence on a significant number of popular platforms indicates a critical vulnerability for users and a potential blind spot for the companies involved.

#### A Paradigm Shift in Security

Passkeys eliminate the need for users to remember complex passwords, replacing them with cryptographic key pairs linked to a specific device. This fundamental shift makes them virtually phishing-proof and resistant to credential stuffing attacks, which are common tactics used by cybercriminals.

Here’s why passkeys are a game-changer:
* **Phishing Resistance:** Unlike passwords, passkeys cannot be tricked into being entered on a fake website, as they are cryptographically bound to the legitimate site.
* **No Passwords to Leak:** There’s no secret string of characters to be stolen from a server breach, eliminating a major attack vector.
* **Device-Bound Security:** Access is typically authenticated via a user’s biometric (fingerprint, face scan) or PIN on their personal device, adding an extra layer of security.
* **User-Friendly:** Simplifies the login process, often requiring just a quick biometric scan.
* **Cross-Platform Compatibility:** Built on FIDO standards, passkeys are designed to work across various operating systems and browsers.

#### The Current Landscape: A Quarter Lagging

The findings from the new watchdog site are stark: one in four widely-used digital platforms has not yet implemented passkey support. While the specific list of companies is extensive, the analysis identified companies across various sectors, including social media, e-commerce, banking, and streaming services, that continue to rely solely on less secure authentication methods. This highlights a critical chasm between cutting-edge security recommendations and practical implementation in the industry.

### User Implications and Corporate Responsibility

The absence of passkey support isn’t just a technical oversight; it has tangible consequences for user security and reflects a broader challenge in corporate responsibility.

#### The Risk to Users

For users, logging into a website without passkey support means continued reliance on passwords, which remain the weakest link in the cybersecurity chain. This perpetuates the risk of:
* **Credential Stuffing:** Automated attacks using stolen username/password combinations from other breaches.
* **Phishing Scams:** Deceptive emails or websites designed to trick users into revealing their passwords.
* **Data Breaches:** Passwords stored on company servers are targets for hackers, potentially exposing vast amounts of user data.

#### Driving Adoption: The Path Forward

The reasons for slow adoption can be multifaceted, ranging from the perceived complexity of implementation and the cost of upgrading legacy systems to a lack of immediate pressure from regulators or consumers. However, as the digital landscape evolves, so too must the standard for user security. Initiatives like this new “shaming” site play a crucial role in raising awareness and fostering competitive pressure among companies. The broader industry, including the FIDO Alliance and tech giants like Apple, Google, and Microsoft, is actively promoting passkey adoption, making it easier for developers to integrate this technology.

### Understanding Passkeys: A Quick Explainer

At its core, a passkey is a digital credential that allows you to sign in to websites and apps without typing a password. When you create a passkey for a service, your device generates a unique pair of cryptographic keys: a public key stored with the service, and a private key securely stored on your device (e.g., in Apple Keychain, Google Password Manager, or a dedicated passkey manager). When you try to log in, your device uses the private key to prove your identity to the service, typically after a quick biometric verification (fingerprint, face scan) or PIN entry.
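The login step described above, and the site binding behind the phishing-resistance claim, can be seen in the checks a service runs on a WebAuthn sign-in response. The following Node.js sketch is an added example, not code from the article or from any passkey vendor; the domain names, the `signAssertion`, `verifyAssertion` and `demo` helpers and all values are constructed for illustration, and the device side is simulated in software.

```javascript
// Added example with constructed values; not a production WebAuthn library.
const nodeCrypto = require('node:crypto');
const sha256 = (data) => nodeCrypto.createHash('sha256').update(data).digest();

// Device side: the browser, not the page, records the origin it sees, and the
// authenticator signs authenticatorData || SHA-256(clientDataJSON).
function signAssertion(privateKey, rpId, originSeenByBrowser, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get',
    challenge: challenge.toString('base64url'),
    origin: originSeenByBrowser,
  }));
  const flags = Buffer.from([0x05]); // user present (0x01) | user verified (0x04)
  const signCount = Buffer.from([0, 0, 0, 1]);
  const authenticatorData = Buffer.concat([sha256(rpId), flags, signCount]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: nodeCrypto.sign('sha256', signed, privateKey) };
}

// Service side: holds only the public key and rejects on the first failed check.
function verifyAssertion(publicKey, expected, assertion) {
  const clientData = JSON.parse(assertion.clientDataJSON.toString('utf8'));
  if (clientData.type !== 'webauthn.get') return 'wrong-type';
  if (clientData.challenge !== expected.challenge.toString('base64url')) return 'wrong-challenge';
  if (clientData.origin !== expected.origin) return 'wrong-origin';
  const authData = assertion.authenticatorData;
  if (authData.length < 37) return 'short-authdata';
  if (!authData.subarray(0, 32).equals(sha256(expected.rpId))) return 'wrong-rp';
  if ((authData[32] & 0x01) === 0) return 'user-not-present';
  const signed = Buffer.concat([authData, sha256(assertion.clientDataJSON)]);
  return nodeCrypto.verify('sha256', signed, publicKey, assertion.signature) ? 'ok' : 'bad-signature';
}

// Constructed scenario: one passkey, three responses presented to the real service.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const expected = { rpId: 'shop.example', origin: 'https://shop.example', challenge: nodeCrypto.randomBytes(32) };
  const lookalike = 'https://shop-example.test';
  const genuine = signAssertion(privateKey, expected.rpId, expected.origin, expected.challenge);
  const relayed = signAssertion(privateKey, expected.rpId, lookalike, expected.challenge);
  // Rewriting the origin after signing changes the hash the signature covers.
  const edited = relayed.clientDataJSON.toString('utf8').replace(lookalike, expected.origin);
  const rewritten = { ...relayed, clientDataJSON: Buffer.from(edited) };
  return [genuine, relayed, rewritten].map((a) => verifyAssertion(publicKey, expected, a));
}

console.log(demo());
```

A response produced on the lookalike origin fails the origin check, and one whose origin field is edited afterwards fails signature verification, so only the response created on the legitimate site is accepted.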

## Frequently Asked Questions (FAQ)

### What exactly is a passkey and why is it more secure than a password?

A passkey is a cryptographic credential that allows you to log in to online services without a traditional password. It consists of a unique public-private key pair generated on your device. It’s significantly more secure than a password because it’s resistant to phishing, as it’s cryptographically bound to the legitimate website, and there’s no password string for hackers to steal from server breaches. Your login is authenticated by your device, often using biometrics or a PIN, rather than relying on a memorable secret.

### How can I check if a website supports passkeys?

Typically, websites offering passkey support will present an option like “Sign in with a passkey,” “Create a passkey,” or “Add a passkey” within their login or security settings. You might also encounter it during the initial signup process. Look for the FIDO Alliance logo or general passkey branding (e.g., a key icon) near login fields or in security menus. If unsure, checking the website’s help documentation or support pages can provide clarity.

### What should users do if their preferred websites don’t offer passkeys?

If your go-to websites don’t yet support passkeys, you should still prioritize strong security. First, provide feedback to the company, indicating your desire for passkey support. In the meantime, ensure you use a unique, strong password for that service and enable multi-factor authentication (MFA) or two-factor authentication (2FA) if available. MFA adds a crucial layer of security, typically requiring a code from an authenticator app or an SMS, even if your password is compromised.

Elons Father

Elons Father is a dedicated technology journalist and AI researcher. Specializing in advanced algorithms, autonomous systems, and the future of tech, he provides deep, unbiased analysis on the industry's most critical developments.
