Increased security on the web comes with increased usability. A somewhat obvious, yet long-accepted hindrance to both safety and user experience are passwords. Passwords are disliked by developers and users alike; their downsides range from serious security risks to irritating friction along the user journey. With potential added value on both the front and backend, it only makes sense that a safer, faster way to facilitate login is being rolled out across the web.

Enter: the passkey. Passkeys are easy and safe ways to sign in to apps and websites with a biometric sensor, such as a fingerprint or facial recognition, PIN, or a pattern. That means no typing and no memory games. They’re able to meet multi-factor authentication requirements in just one step — meaning one less drop-off point for users and cost-savings for businesses.

Passkeys are developed by FIDO Alliance, an open industry association on a mission to develop and standardize technical specifications that reduce the reliance on passwords. They are based on public key cryptography and they are highly phishing resistant. Each passkey can only be used for the same service it's created on, it is bound to a website or app's identity, making them safe from phishing attacks. And they can be implemented in both web apps and native apps.

Now that passwordless technologies, such as WebOTP API and passkeys, are more widely available, it's time to start upgrading your authentication systems. For developers, passkeys enable improvements across conversion and site security.  For users, they offer speed and convenience. Not only are passkeys easy to set up, they are backed up and synchronized by device’s credential manager, so users can easily switch to a new device.

Yahoo! JAPAN is a part of LY Corporation, one of the largest media companies in Japan and sees over 55 million user logins every month. With such staggering user numbers, security against password list attacks and phishing scams are a top priority for the site. To improve security as well as usability without placing any extra burden on users, Yahoo! JAPAN has gone passwordless with passkeys.

Today their passwordless login is supported across all the major browsers and operating systems: from Android (mobile app and web) and iOS (mobile app and web) to Windows (Edge, Chrome, Firefox), and macOS (Safari, Chrome).

Since they began their initiative, more than 10 million users have set up passkey authentication. The efforts have led to a 25% drop in inquiries concerning forgotten login IDs or passwords, when compared to the peak period of such queries. The expansion of passwordless accounts has also contributed to a noticeable decline in unauthorized access attempts.

Other sites are seeing significant impacts as a result of passkey implementation, as well. Shopify and PayPal for example, have rolled out support for passkeys in their payment flows that have led to more frictionless conversion and a decreased dependency on SMS or email verifications.

To get started with passkeys, web developers can use the Web Authentication API, or WebAuthn. There are also a number of libraries available for TypeScript, Ruby, Rust and other languages.