Passwords have been around for about as long as computers. There’s a reason for their longevity: Consumers intuitively know how to use them — in spite of their security shortcomings. Businesses keen to offer a low-friction way for customers to secure their online accounts have had little option but to persist with passwords. That is, until now.
The emergence of passkeys is set to transform the way users log in to their favorite sites and apps — by ditching passwords altogether and allowing them to use their preferred biometrics, PINs, or swipe patterns. That’s why PayPal is supporting a FIDO-led initiative to make passkeys the new gold standard for login security around the world.
Learn more about what passkeys are, how they work, and the role they play in secure payment orchestration.
There’s one big challenge with passwords. They may be easy for us all to use, but they can also be easy for criminals to steal or guess. The problem is scale. A typical computer user may have scores of websites and apps they regularly need to access. Remembering unique credentials across all of these can be extremely challenging — especially when security best practices say they must be “strong and long” to beat the automated software hackers use to crack easy-to-guess passwords.
Fraud is evolving to incorporate new technologies and methods, leading to large-scale password data breaches. In the U.S. alone there were over 1,800 data breaches last year affecting 422 million individuals.1 Passwords can also be phished individually from victims by criminals posing as legitimate entities like banks or streaming providers. According to the FBI’s Internet Crime Report, there were nearly 300,000 reports of phishing in 2023 — more than double the number of reports in 2019.2
Stolen usernames and passwords are often traded in bulk on dark web marketplaces, where they’re bought up in large quantities. Hackers can feed this data into credential stuffing tools to see if the same logins have been reused across other websites and apps. If they have, the hackers may be able to unlock accounts on those other platforms, too.
The password problem has gone unresolved for far too long. Consumers are sick of having their accounts hijacked and their money and data stolen. Businesses also suffer from the repercussions, such as reduced consumer confidence and reputational damage. Previous attempts to mitigate the problem — including password managers and two-factor authentication apps or one-time passcodes — have so far failed to gain widespread adoption.
That's where passwordless authentication tools like passkeys can help.
First, what are passkeys? Passkeys are a common login standard created by the FIDO Alliance and the World Wide Web Consortium. Passkeys enable customers to seamlessly gain access to their online accounts without needing to use a password. Instead, they can use the same biometrics (like Apple’s TouchID or FaceID), PIN, or swipe pattern they use to unlock their device.
Passkeys are designed to replace traditional passwords since they are more user-friendly and secure. Users don't have to remember them or create them anew for each of their accounts and devices. Instead, they can go through a one-time setup process and then proceed to use their passkey across devices. Even if the user loses their device or gets a new one, they can still access and recover their passkey by logging into the cloud.
Here’s how Passkeys work:
This step-by-step guide provides a quick overview of how to use passkeys:
As passkeys become more prevalent, it’s important to understand the pros and cons of passwords versus passkeys. Most notably, businesses should understand how passkeys can help them reduce risk and improve payment security across platforms.
Here’s a closer look at how passkeys are different from passwords:
The user experience is seamless, familiar, and consistent. Passkeys can also be securely synced across devices and computers, making them more convenient to use than unique passwords created for each site or app.
Passkey security is based on industry-standard FIDO Authentication. Passkeys are more secure than passwords because each one is a pair of cryptographic keys rather than a secret the user types in. The private key is stored through the user's operating system instead of on a remote server, making passkeys less vulnerable to phishing, credential stuffing, and other remote attacks.
Passkeys also can't be guessed or stolen like passwords can. And they don't require the user to take any extra steps to log in, such as accessing a confirmation email or SMS message — additional communications that can be intercepted.
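To make the key-pair idea concrete, here is an added Node.js example (not PayPal's code and not part of the original article) that models a passkey sign-in in simplified form. The function names and the `shop.example` origins are hypothetical, and the message format is reduced from what the real WebAuthn protocol signs.

```javascript
const crypto = require('crypto');

// Registration: the key pair is created on the user's device.
// Only the public key is handed to the website.
function registerPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey }, server: { publicKey } };
}

// Device side: after the biometric or PIN unlock, sign the site's one-time
// challenge together with the origin the browser is actually visiting.
function signAssertion(device, challenge, origin) {
  const clientData = Buffer.from(JSON.stringify(
    { type: 'webauthn.get', challenge: challenge.toString('hex'), origin }));
  return { clientData, signature: crypto.sign('sha256', clientData, device.privateKey) };
}

// Server side: check origin and challenge, then verify the signature
// with the stored public key. Returns a short reason string.
function verifyAssertion(server, expectedChallenge, expectedOrigin, assertion) {
  const data = JSON.parse(assertion.clientData.toString('utf8'));
  if (data.type !== 'webauthn.get') return 'wrong-type';
  if (data.origin !== expectedOrigin) return 'wrong-origin';
  if (data.challenge !== expectedChallenge.toString('hex')) return 'stale-challenge';
  const ok = crypto.verify('sha256', assertion.clientData, server.publicKey, assertion.signature);
  return ok ? 'ok' : 'bad-signature';
}

// Constructed scenario: one genuine sign-in and three failure cases.
function demo() {
  const ORIGIN = 'https://shop.example';            // hypothetical site
  const { device, server } = registerPasskey();
  const challenge = crypto.randomBytes(32);
  const genuine = signAssertion(device, challenge, ORIGIN);
  // Same device, but the browser is on a look-alike domain.
  const lookalike = signAssertion(device, challenge, 'https://shop-login.example');
  // Someone who only has the server's public key must sign with another key.
  const other = registerPasskey().device;
  const forged = signAssertion(other, challenge, ORIGIN);
  return {
    genuine: verifyAssertion(server, challenge, ORIGIN, genuine),
    lookalike: verifyAssertion(server, challenge, ORIGIN, lookalike),
    replayed: verifyAssertion(server, crypto.randomBytes(32), ORIGIN, genuine),
    forged: verifyAssertion(server, challenge, ORIGIN, forged),
  };
}

console.log(demo());
```

The server never holds anything that can be typed into another site, so a breach of its database or a captured sign-in gives nothing reusable.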
Passkeys ensure scalability and security, since users do not need to create a new key from scratch on each new device or service. Instead, their passkeys will be available wherever and whenever they need them.
Passkeys are becoming the new standard for login security, but may still pose some implementation challenges. As such, businesses should be aware of potential passkey disadvantages and obstacles, including:
Traditional passwords remain vulnerable to data breaches and phishing attacks. As fraud continues to grow and evolve, passkeys have emerged as a new standard to help businesses improve data security and create a frictionless login process for customers.
As a founding member of the FIDO Alliance and a strong advocate for user security, PayPal is leading from the front as one of the first firms to offer support for passkey implementation. Our website and app offer customers in the U.S. on supported devices and browsers a glimpse into a passwordless future.
As businesses seek more advanced authentication methods, passkeys can play a vital part in their security strategy. They can also be paired with other cutting-edge security solutions like fraud detection powered by machine learning.
Looking forward, passkeys and passwordless authentication represent a fantastic opportunity to enhance security and scalability across the internet. That’s something both consumers and businesses should be excited about.