Platform
Platform
Drop-In Authentication
Passkeys
Phishing-resistant, FIDO2/WebAuthn
Biometric authentication
Face and device-native biometrics
WhatsApp OTP
Global reach, lower cost than SMS
Email OTP
Universal second factor
App push authentication
Native device push notifications
Palm biometrics
Contactless identity verification
All authentication methods
KEY FEATURES
No-code rules engine
Step-up auth, risk policies, alerts
User observability
Audit trails, dynamic linking
Risk-based authentication
Adaptive MFA by context
Session management
Persistent sessions across channels
Digital credentials API
Verify sovereign digital IDs
Pre-built UI
Fastest deployment path
Passkeys
Deploy phishing-resistant passkeys across web and mobile in days
Solutions
Solutions
USE CASE
Account Takeover Prevention
Stop ATO without adding friction
Go Passwordless
Replace passwords with passkeys
Account Recovery
Secure self-service recovery flows
Call Centre Authentication
Verify callers without KBA
SMS Cost Optimisation
Cut OTP costs up to 90%
Existing Apps (Drop-In)
Add auth without re-architecting
Palm biometric payments
Contactless in-store payments
INDUSTRY
Financial Services & Banking
Secure high-value transactions
Healthcare
Authentication for ePHI access
Loyalty Programs
Protect points and member accounts
ROLE
Engineering
Fast integration, flexible SDKs
Product
No-code flows, conversion insights
Cybersecurity
Risk policies, compliance, audit trails
PricingCustomers
Resources
Resources
LEARN
Blog
Guides
Regulatory
Templates
Docs
COMPANY
About Us
Why Authsignal
Partners
Careers
Security
Contact
INTEGRATIONS
Amazon Cognito
Auth0
Azure AD B2C
Custom identity provider
Duende IdentityServer
All integrations
Docs
Start a trial
Book a callLogin
AUS Flag

Authsignal secures millions of passkey transactions out of our hosted Sydney region.

AUS Flag

Authsignal secures millions of passkey transactions out of our hosted Sydney region.

Join us today!
Right icon
Blog
/
Current article
Passkeys
Authsignal
Passwordless authentication
Analysis

What issuing and verifying millions of passkeys has taught us at Authsignal

Ashutosh Bhadauriya
⬤
August 14, 2025
Share
What issuing and verifying millions of passkeys has taught us at Authsignal

Since late 2022, when Apple launched passkey support with iOS 16, Authsignal has been among the early champions helping enterprise customers embrace passkeys. As every new technology requires time to be widely adopted, we've had the privilege of guiding organizations through this transition. Today, with millions of passkey transactions under our belt and real-world deployment data from enterprises across financial services, healthcare, and hospitality worldwide, we can confidently say the passwordless future has arrived sooner than anyone expected.

At Authsignal, we've been at the forefront of this transformation, helping organizations transition from password-dependent authentication to secure, user-friendly passkeys. Our journey has yielded invaluable insights about user behavior, adoption patterns, and the practical realities of implementing passkeys at scale.

‍

Passkeys are going mainstream

Our internal data from processing millions of authentication challenges gives some great insights. Based on a sample of one million transactions in 2025, passkeys now account for 62% of all authentication challenges, compared to just 33% for SMS and a smaller percentage for other methods like authenticator apps and email OTPs. Even more striking is the performance of passkey autofill, which makes up 65% of all authentication challenges, indicating that users prefer the seamless experience passkeys provide.

This mirrors broader industry trends. More than 1 billion people have activated at least one passkey according to the FIDO Alliance, with consumer awareness jumping from 39% to 57% in just two years. The FIDO Alliance reports that when consumers adopt at least one passkey, 1 out of 4 enables passkeys whenever possible.

‍

Device readiness

One of the biggest misconceptions we encounter is that users aren't ready for passkeys. Over 95% of all iOS and Android devices are passkey-ready, with over 90% having passkey functionality enabled. The infrastructure is there, the devices support it, and users are increasingly comfortable with biometric authentication from unlocking their phones daily.

This high device readiness has been crucial to successful deployments. When organizations understand that the vast majority of their users can already use passkeys, it removes a major barrier to implementation. With Windows soon supporting synced passkeys, all major operating systems ensure users can securely and effortlessly access their credentials across devices.

‍

Users embrace what they understand

Perhaps our most significant learning has been about user trust and adoption patterns. Contrary to popular belief, users readily adopt passkeys when presented correctly. Our data shows that the majority of customers opt in when offered passkeys, with some demographics showing particularly strong adoption rates.

One of our flagship enterprise customers, achieved over 30% of customers opting for passkeys upon prompt, with a 5-10% drop in calls to the customer service center after implementation. This wasn't just a technical win; it was proof that users appreciate both the security and convenience benefits passkeys offer.

The messaging matters tremendously. We've learned that emphasizing speed and convenience resonates far more than technical security details. Users understand "faster logins" and "no more passwords to remember" much better than cryptographic explanations.

‍

Surprising insights about older demographics

One of our most interesting discoveries challenges common assumptions about age and technology adoption. While younger users are quick to adopt new technologies, we've found that older demographics are more receptive to passkeys than many expect, particularly when the benefits are clearly communicated.

Interestingly, while 54% and 61% of 18-24 and 25-34-year-olds respectively noticed scams getting smarter, only a third of 55-64-year-olds and 25% of 65+ said the same. This suggests that while older users may be less aware of emerging threats, they're also less resistant to security improvements when properly introduced.

The key is presentation and education. Older users often appreciate the elimination of complex password requirements and the familiar feel of using their fingerprint or face recognition, which they already use to unlock their devices.

‍

The multi-platform imperative

Our experience has shown that the best opportunity for passkey success lies in ensuring rollout across both mobile and web platforms simultaneously. Users expect consistency in their authentication experience across devices, and offering passkeys on only one platform creates confusion and reduces adoption.

As one customer's team noted, Authsignal's out-of-the-box UI was "a significant advantage. It allowed us to implement security without needing extensive customization". This plug-and-play approach enabled rapid deployment across multiple touchpoints, including mobile apps, websites, and even call centers.

The integration approach matters significantly. Native platform APIs create trust and familiarity, while third-party solutions often feel foreign to users. We've invested heavily in ensuring our passkey implementations feel native to each platform while maintaining security standards.

‍

Real-world impact

The business impact of passkey implementations extends far beyond just authentication. Organizations report substantial operational benefits:

  • Reduced support costs: Help desk password reset calls dropped by 1,300 in a month for organizations with 100k devices enrolled in passkeys
  • Improved conversion rates: Two-thirds of new KAYAK sign-ups choose passkeys, reducing sign-up and sign-in time by 50%
  • Faster authentication: Microsoft found that signing in with a passkey is three times faster than using a traditional password and eight times faster than a password and traditional multifactor authentication

These aren't just technical metrics; they represent real improvements in user experience and business outcomes.

‍

What we've learned

After millions of transactions and dozens of enterprise deployments, several key lessons have emerged:

Timing is everything: The best adoption rates occur when passkeys are offered immediately after a strong authentication event, like completing an OTP challenge. Users are already in a security mindset and more receptive to upgrading their authentication method.

Start with high-value users: Rather than rolling out to everyone at once, prioritizing users with access to sensitive data or frequent authentication needs creates champions who appreciate the benefits most.

Education accelerates adoption: Simple, clear communication about benefits drives adoption. Focus on user benefits rather than technical features.

Gradual rollout works best: Phased implementations allow for feedback incorporation and reduce support burden while building confidence in the technology.

Want to see passkeys in action? You can experience a real-world passkey implementation by signing up for an Air New Zealand account or downloading their mobile app to try the passkey uplift flow yourself.

‍

The regulatory tailwind

Regulatory developments are accelerating passkey adoption globally. The US National Institute of Standards and Technology (NIST) has updated its guidelines for 2025, mandating phishing-resistant multi-factor authentication (including standards like WebAuthn and FIDO2) for all federal agencies.

Australia and New Zealand have been particularly progressive, with major enterprises and government platforms implementing passkeys, making passkeys available to close to 30 million people across the region.

‍

The passwordless future

Passkeys are no longer an emerging technology but a mature, user-ready solution. By 2027, some experts predict that passkeys will become the dominant form of online authentication, surpassing both traditional passwords and conventional multi-factor authentication methods.

For organizations still evaluating passkeys, the question isn't whether to implement them, but how quickly they can get started. The infrastructure is ready, users are willing, and the business benefits are proven.

At Authsignal, we're proud to have been part of this transformation from the beginning. From our early enterprise deployments to securing millions of transactions today, we've seen firsthand how passkeys can transform both security and user experience.

The passwordless future isn't coming, it's here. And the organizations that embrace it now will lead their industries in both security and user satisfaction.

‍

Join the passwordless revolution

If you're interested in learning more about how passkeys can transform your authentication experience, watch our video featuring world-leading airline's implementation journey or explore our comprehensive guide to implementing passkeys in your organization.

The future of authentication is passwordless, and it's available today.

Question icon
Have a question?
Talk to an expert
NewsletterDemo PasskeysView docs
Passkeys
Authsignal
Passwordless authentication
Analysis

You might also like

The passkey UX patterns that drive adoption in 2026
Passkeys
Passkeys implementation

The passkey UX patterns that drive adoption in 2026

July 2, 2026
What is silent network authentication, and how does it work?
Silent Network Authentication
SNA

What is silent network authentication, and how does it work?

June 26, 2026
HIPAA MFA requirements and what to do before the final rule lands
Passkeys
Step up authentication
Adaptive MFA
SMS Alternative

HIPAA MFA requirements and what to do before the final rule lands

July 4, 2026

Secure your customers’ accounts today with Authsignal

Passkey demoCreate free account
Authsignal Purple Logo

Authsignal is a drop-in authentication and orchestration layer for consumer-facing businesses. Passkeys, adaptive MFA, and omnichannel verification on top of your existing identity stack. Deployed in weeks, not quarters.

AICPA SOCFido Certified
LinkedInTwitter
Platform
Drop-In Authentication
PasskeysBiometric authenticationWhatsApp OTPEmail OTPApp push authenticationPalm biometricsSMS OTPEmail OTPMagic LinksAuthenticator apps (TOTP)
View all auth methods
KEY FEATURES
No-code rules engineUser observabilityRisk-based authenticationSession managementDigital credentials APIPre-built UI
All authentication methods
Pricing
Customers
Solutions
USE CASE
Account takeovers (ATO)
Go passwordless
Call center
SMS cost optimization
Existing apps
Palm biometric payments
View all use cases
industry
Financial services
Healthcare
Marketplace
View all use cases
ROLE
Engineering
ProductCybersecurityDocs
Compare
Twilio Verify vs AuthsignalAuth0 vs AuthsignalAWS Cognito vs Authsignal + AWS Cognito
Resources
LEARN
BlogGuidesRegulatoryTemplatesDocs
COMPANY
About usWhy AuthsignalPartnersCareersSecurityContact
Integrations
Amazon Cognito
Azure AD B2C
Duende IdentityServer
Keycloak
Auth0
NextAuth.js
Custom identity provider
All integrations
United States
+1 214 974-4877
Ireland
+353 12 676529
Australia
+61 387 715 810
New Zealand
+64 275 491 983
© 2026 Authsignal - All Rights Reserved
Terms of servicePrivacy policySecuritySystem statusCookies