Dashlane unveils the top 20 fastest-growing sites driving passkey adoption

Originally published:July 30, 2024|Last updated:August 13, 2024|John Bennett

Passwords have long been a drag on the digital economy. The user friction caused by forgotten passwords and password resets costs businesses millions in lost revenue and time. Compromised and weak passwords remain at the heart of most breaches, causing immense financial and reputational harm.

The growing use of passkeys as a replacement for the password promises to be a boon for businesses and users alike. It fundamentally rewrites access to apps and services by removing login friction and significantly raising the security bar for everyone with phishing-resistant authentication.

Dashlane was the first credential manager to support passkeys across all major platforms. Since then, thousands of users have created, saved, and logged in to sites using passkeys with Dashlane. 

Today, we’re using that rich dataset of early passkey adopters to launch the inaugural Dashlane Passkey Report, a first-of-its-kind look at the brands and services leading passwordless adoption. The Passkey Report explores the current passkey landscape and what’s spurring use, based on an analysis of hundreds of thousands of anonymized passkey authentications via Dashlane from the past year.

Let's dig into our findings.

Like many technological shifts, early passkey adoption is largely being driven by consumers. Looking at passkey authentication growth from Q2 2024 (April - June) of our top-20 domains by volume, we found that “sticky” apps—those used much more frequently on a daily or weekly basis, such as e-commerce, finance/payment, and social media sites—are among the fastest-growing in passkey usage. Three of the four fastest-growing apps are in e-commerce: Amazon, eBay, and Target.

Aside from the consumer-driven adoption, there’s also activity within enterprises with security apps, such as Cisco Duo, which has been at the forefront of authentication and passkey support. 

“We continue to embrace passkeys as the safest authentication method to date, and it's been heartening to see a thriving third-party ecosystem emerge that empowers Dashlane to improve the usability of passkeys even further,” said Matthew Miller, Head of Passwordless, Cisco Duo. “We look forward to continuing collaboration with Dashlane in the FIDO Alliance and W3C as we drive the ecosystem forward.”

Sites that manage cryptocurrency, like Coinbase and Binance, are major players in the fast-growing cohort of finance and payment apps. These sites are often heavily targeted by attackers looking to gain access to wallets with stored crypto, which makes passkey adoption for these sites all the more important.

In addition, Stripe, which began supporting passkeys in 2023, is another fast-growing domain in our report. The app is an integral part of payment processing for many businesses, and it’s among the top 10 most popular and fastest-growing domain lists in terms of passkey usage. 

Bookkeeping software provider Moneybird is another app that has shot up to become the third fastest-growing domain overall, among our top-20 domains by authentication volume.

More than 100 sites now offer passkey support, with notable brands such as Target, PlayStation, and X (formerly Twitter) adding support in 2024.

Looking at authentication data since we began passkey support in 2022, combined with a timeline of passkey support introduction, we see that scaled platforms and early adopters are driving and maintaining a large share of passkey usage. This make-up of passkey activity is ever-changing as more sites and services begin offering passkey support. 

Overall, passkey authentications made via Dashlane are concentrated in the top 20 most popular apps, which account for the majority (52%) of passkey authentications. While early adopters such as Cisco Duo, Google, and other software service providers rank very highly in terms of popularity, companies from different industries are quickly catching up. One of these apps, the popular gaming site Roblox, represents the only example of its class (i.e. gaming) in the top 20.

It’s important to note that Google and Apple users are less likely to experience passkey authentication through Dashlane or other third-party credential managers as both have an integrated passkey experience with their own authenticators. Apple and Google serve as both the relying party (the entity that relies upon the user's credentials to grant access) and the authenticator, and so are able to automatically create credentials for their users.

In addition, services such as Amazon are stickier in terms of the use of the passkey to authenticate, whereas a user would likely not authenticate as frequently on Apple with a passkey.

Categorizing our top 20 most popular passkey sites by sector, e-commerce sites like Amazon and eBay (an early adopter) represent the largest share of passkey authentications at 42%. According to the FIDO Alliance 2023 Online Authentication Barometer, the average U.S. consumer abandons a purchase and gives up accessing an online service 4.76 times per day because they can’t remember their password. Not only do passkeys make users more secure, but they also speed up the checkout process and eliminate the risk of abandoned purchases due to forgotten credentials.

Our data also highlights the user experience benefit of passkeys. When Dashlane users are prompted to use passkeys, they are 70% more likely to successfully sign-in, compared to passwords.

While passkey use overall is still nascent compared to passwords, growth continues to accelerate. Passkey authentications with Dashlane have grown to 200,000 per month, a more than 400% increase since the beginning of the year. Overall, one in five active Dashlane users now has at least one passkey stored in their credential vault.

We are thrilled to present this initial passkey report as part of our commitment to furthering the adoption of this generational change in security. We look forward to seeing what next year's report reveals as more service providers and enterprises push towards the passwordless future.

For more information, please visit https://www.dashlane.com/passkeys. 

Methodology

The Dashlane Passkey Report is based on an analysis of Dashlane data encompassing hundreds of thousands of anonymized web and mobile passkey authentications since the company began offering support in September 2022. 

For the “fastest-growing” dataset, Dashlane Data & Analytics looked at three month growth of our top-20 domains by volume, encompassing Q2 2024 (April - June). The “most popular” dataset is presented as a share of total authentications completed via Dashlane since we began passkey support.

A passkey authentication consists of the use of a passkey to log into a site or service and access an account. With the novelty of passkeys, implementations and authentication policies can differ across sites (certain sites may have stricter re-authentication timelines than others, for example), and therefore authentications do not necessarily reflect usage of the site or service.

Passkeys are implemented using the Web Authentication API (also known as WebAuthn), which allows servers to register and authenticate users using public key cryptography instead of a password. There are certain sites in our report, such as Facebook, that offer WebAuthn-based passkeys as a secondary form of authentication, in addition to the password. Dashlane is unable to distinguish between WebAuthn-based 2FA and passkeys as a primary factor due to the nature of the WebAuthn API.

John Bennett

John Bennett, with over 30 years of experience in B2B SaaS and communication companies, joined Dashlane in 2023 after serving as CEO at Cordence. He previously grew LogMeIn's Identity and Access Management business unit to $450 million and held executive roles at Citrix, Vapps, Ace*Comm, Sentori, CMGi, and Nascent Technologies.

Read more