Lately, I've started seeing the "Sign in with Passkey" option on many platforms. Initially, like with any new technology, I approached it with some distance, wondering if it was just a passing fad. But my quest to improve the user experience in my own side projects, combined with security dilemmas in the corporate projects I work on, pushed me to look deeper into this topic. Especially with the increase in phishing attacks over the last few years and the inadequacy of multi-factor authentication (MFA) in certain scenarios, Passkeys have shown me why they can be an important solution.
Many times, I've seen that password management can turn into a real nightmare for users. Complex passwords, regular password changes, different passwords for different sites – even the most well-intentioned user ends up resorting to weak or reused passwords. This situation also makes it impossible to enforce corporate security policies. Passkeys aim to break this cycle, both increasing security and offering a much easier login experience for the user. In this post, I will start with the basic logic of Passkeys, then touch upon the adaptation challenges in both the individual and corporate worlds, and share my practical experiences on this topic.









