Passkeys: A Year of Progress and Innovation
It’s been one year since Dashlane announced passkey support and became the first password manager to support passkey authentication on sites that offer it.
In that short time, we’ve made significant steps towards a passwordless future and seen the industry take strides to make passwordless login a reality. In May, we announced passwordless login, a new technology for securely accessing Dashlane without having to create or remember a single password.
In the past year, Google also introduced passkey support for Google Accounts; major sites like GitHub and Kayak made passwordless authentication available to their users; and TikTok introduced passkeys for iOS devices. Soon, Apple will be rolling out new passkey APIs via iOS 17.
With the rollout of iOS 17, Dashlane will be available as a passkey manager on both mobile and desktop, supporting passkeys across web and on Android and iOS. This is an important milestone for passkeys and passkey management, as Dashlane users will have a choice of where they store their passkeys, regardless of what browser or device they’re using.
Like any major technology shift—think cash to credit, or desktop to mobile—the transition away from passwords will take time. But we’re already beginning to see the fruits of what’s been a collaborative effort across platforms, industry groups, service providers, and companies like Dashlane. While adoption is still nascent, we’re seeing steady and sustained growth across the 18 million people and 20,000 organizations that use Dashlane globally.
Our data shows that passkeys are also easier to use than passwords. When users are presented with the opportunity to create a passkey with Dashlane, 92 percent of passkey creation requests are completed successfully, compared to 54 percent with a password. Companies have much to gain by switching their user authentication to passkeys, even if they continue to support password sign-in.
Passkeys are a simpler and more secure way to log in. Learn how they work and how Dashlane streamlines access.
How we got here
While there have been many attempts to replace the password with a mechanism more secure and convenient for people, achieving this was easier said than done. Too often, alternative options had a tradeoff between security and convenience. But replacing passwords finally became realistic in 2022 when a white paper was published that supercharged the journey we’re on today.
In 2022, The FIDO Alliance published a white paper pointing to a type of WebAuthn credential that syncs and works across platforms. WebAuthn is the web protocol at the heart of what makes passwordless authentication work between devices, browsers, and service providers. But until recently, WebAuthn was something related to hardware keys, which were never going to go fully mainstream. Now, WebAuthn is something built into newer laptops, such as Touch ID on Macs or Windows Hello.
The idea of a WebAuthn credential that could sync between devices was novel, but the pivotal aspect was that these credentials could effectively function across various platforms.
Dashlane’s role in creating the passwordless future
Our heritage as a cross-platform password manager means we can offer seamless cross-platform availability of passkeys, something other platform vendors can’t.
While a passkey stored on your iPhone can work on your laptop, it can sometimes feel like a one-way street because not all device combinations allow for passkeys to work across platforms. This limitation made us realize we had a role to play. Around this time last year, we rolled up our sleeves to see how and if Dashlane could manage passkeys, even though there were no dedicated passkey APIs for password manager apps. We had to think outside the box.
For web developers, the API to interact with WebAuthn is primarily through JavaScript. This seemed fortunate to us as JavaScript on the web allowed certain possibilities of customization. It was possible to replace the default implementation of those JavaScript methods with ones provided by Dashlane. This not only allowed for the creation and usage of passkeys through Dashlane but other password managers as well.
We ensured that only discoverable credentials get handled by Dashlane and not requests targeted for hardware keys. We were also able to provide autofill-like experiences for passkeys through conditional UI so people can choose to use a password or a passkey.
Looking ahead
Dashlane has been a member of FIDO for many years, and we became board-level members in 2023. Dashlane, along with other industry partners participating within FIDO, is working on ways to allow people to take their passkeys with them if they choose to move from one provider to another. Data portability is critical when we’re dealing with the passkeys that give important access to services online.
We’re also exploring the idea of sharing passkeys between Dashlane users. We know people will expect this behavior from a passkey provider, and we’ve already seen Apple include such functionality.
This October, FIDO will be hosting the Authenticate conference. This is an annual gathering of industry experts within the identity and authentication space. We’ll be presenting what we’ve learned the past year and our advice to companies looking to adopt passkeys support.
We’re excited to see more websites support passkeys and our users create, use, and manage passkeys with Dashlane. It’s been quite a journey over the last 12 months, and we look forward to seeing how this space evolves in the year to come.
Want to know more about passkeys? Get the answers to 10 common passkey questions, straight from our Chief Product Officer.
Sign up to receive news and updates about Dashlane