2024 Global Digital Shopping index

New X Passkey Feature Signals Ongoing Shift to Passwordless Future

The emergence of all-in-one apps promises unparalleled convenience, offering users a one-stop solution for various needs. From managing finances to staying connected with friends, these multifaceted applications aim to streamline daily activities, promising a more integrated and efficient experience for users.

Findings detailed in a joint PYMNTS Intelligence-PayPal study shows that nearly 100 million consumers in the U.S. and Australia are interested in using a convenient all-in-one everyday app, with one-third of all U.S. consumers expressing a strong desire for this solution.

However, a significant barrier inhibits their widespread adoption among consumers, such as concerns about data security. 

In fact, most Americans feel uneasy about the security offered by everyday apps, making it the top reason for not embracing this tool. Within the subset of consumers focused on shopping-related activities, the figure rises even higher, with 67% of Americans expressing heightened concern. This further highlights perceived data security concerns as the top barrier limiting the adoption of all-in-one apps. 

To address these security concerns and sway skeptical consumers, the study suggested that implementing two-factor authentication or passkeys for login would be the most effective strategy. This holds true in the U.S., where 25% of consumers identified this security feature as the most important one in an everyday app. 

This coincides with the increasing embrace of embracing passkeys — a passwordless authentication feature offering users a more secure and convenient alternative to traditional passwords and even one-time passcodes (OTPs). 

With passkeys, users can sign into multiple apps, websites and devices with fingerprint recognition, face scans, or a screen lock PIN — similar to how they unlock their devices. 

security features

Tech Firms Lead Charge in Passkey Trend

Leading technology firms have been at the forefront of this trend, with Google announcing the introduction of passkeys as an option for Google Accounts in September.

“[…] Unlike passwords, passkeys are resistant to online attacks like phishing, making them more secure than things like SMS one-time codes,” the search giant said at the time. 

Prior to that in March, PayPal, an early adopter of passkeys in the financial services sector, began rolling out digital credentials for Google Android devices to add an additional layer of security for the increasing number of consumers embracing password-free transactions.

At the time, PayPal argued that “passkeys will eventually address one of the biggest security problems on the web, which is the weakness of password authentication, because passkeys are highly resistant to phishing, credential stuffing and other remote attacks.”

In September, Amazon announced the launch of passkey support, enabling customers to set up passkeys in their Amazon settings and use the same face, fingerprint or PIN used to unlock their device. 

“This is about giving customers ease-of-use and security simultaneously in their Amazon experience,” said Dave Treadwell, senior vice president of eCommerce at Amazon. “While passwords will still be around in the foreseeable future, […] we are thrilled to be an early adopter of this new authentication method, helping to realize our vision for a more secure, passwordless internet.”

And just this week, X (formerly Twitter), announced via a Thursday (Jan. 23) tweet that the firm will be launching passkeys as a login option for its U.S.-based iPhone users.

The social media giant “encouraged” users to embrace the feature, emphasizing the benefits of a seamless login experience “across different devices without having to remember or reset a forgotten password.”

Additionally, users were assured of a heightened level of security for their accounts through the adoption of passkeys.

“Since they are uniquely generated by your device, they are less vulnerable to security threats such as fraudulent, deceptive, or unauthorized attacks,” X explained on a guide to the new feature.