Here are my quick reflections about today, “World Password Day”.
Passwords hurt many, many people. They’re incredibly user-hostile, putting burdens on people that computing devices should solve instead. I love my password manager because it helps me navigate the world, but there is a limit on who can be helped with software that layers on top of the broken password experience.
I can see that that pain is increasingly understood by the people who make and manage apps and websites, as evidenced by huge uptake of passkeys, as well as other “passwordless” strategies deployed by websites. I’m seeing a mix of passkeys, OTPs, and magic links these days.
A few months ago, I wrote about the flaws of email “magic links” and how passkeys can be integrated with magic links to provide a better user experience. I’m still proud of this piece, and I’d love for folks to read it. https://rmondello.com/2025/01/02…
Large websites and apps are seeing incredible results deploying passkeys as a core part of their user authentication strategies, with fewer failed sign-ins and faster sign-ins overall. And this is before we’ve seen large uptake of “Automatic Passkey Upgrades”, which will accelerate this trend.
Obviously, passkeys aren’t perfect, but they have compelling industry momentum and a group of stakeholders who care deeply about making them better. User experiences are being refined, powerful capabilities are being added, and yes, the ability to move passkeys between credential managers is coming.
I am thrilled by the progress passkeys have made in just a few short years and extremely optimistic about their future. Let’s keep it up. :)