World Password Day lands on the first Thursday of May, and its intent remains the same as when it debuted in 2013: raise awareness for digital hygiene, encouraging everyone to audit their password security. It’s a reasonable, if unfortunately necessary, reminder that passwords are still very much the insecure default.
The FIDO (Fast IDentity Online) Alliance has been celebrating a slightly different interpretation of this credential-focused “holiday” for a few years now: World Passkey Day. Their annual report this year, The State of Passkeys 2026, includes both consumer and workforce data to produce a more comprehensive picture of passkey adoption.
The top-line numbers are strong. Consumer awareness has climbed to 90%, up from 75% in the 2025 World Passkey Day report. Three-quarters of consumers have enabled passkeys on at least one account. And on the business side, 68% of organizations are deploying, piloting, or rolling out passkeys for employee authentication.
But beneath the headline stats, there are plenty of insights to draw from the granular numbers that follow. These tell a more useful, actionable story about why organizations choose to adopt passkeys, what they gain from it, and what still sits between demand and deployment. This post breaks down the most valuable takeaways from this year’s data and what it means for your authentication strategy.
Main points
Consumer adoption has crossed a crucial threshold: Last year saw 75% awareness; this year’s 90% points to near-universal acknowledgement, and nearly half of all consumers now habitually enable passkeys
Organizations that have deployed passkeys report impactful outcomes: Companies see improved security posture, faster logins, and reduced support costs after passkey rollout
Passwords still cause significant harm: A third of consumers experienced a compromise or breach notification in the past year; nearly half will abandon a purchase over a forgotten password
The drivers for adoption are still security-first, but business-aware: Phishing resistance leads reasons for deploying passkeys, but login speed, user experience, and compliance are close behind
How consumer awareness moved from awareness to habit
The 2025 FIDO report showed us that consumer awareness of passkeys was already quite impressive at 75%, but the 2026 data shows a climb to 90% (with only 7% of respondents saying they are not familiar with passkeys at all). However, awareness isn’t adoption, and the most impressive figure is how many consumers are actually enabling passkeys: 75% enable them on at least some accounts, and 40% enable them across most of their apps. Nearly half (49%) of consumers enable passkeys “whenever possible” or “most of the time.”

Compare these responses to the 2025 figures: 69% were using passkeys on at least one account, with only 38.4% using them across all apps. For organizations weighing when their user bases will be ready for passkeys, the answer from the consumer side is a resounding “Right now!”
The demand is clear: when passkeys are offered, users will adopt them. The misapprehension that customers will resist or push back can no longer be a justification for putting passkeys off.
Where passwords are still creating security gaps
Despite the adoption gains, passwords continue to impact security posture.
When respondents were asked if they’d had their password stolen and/or any account compromised in the past year, 33% of consumers reported a confirmed account compromise or that they’d received a breach notification. In the US, that figure rises to 41% (ten points above Europe and APAC). Less than half (48%) of consumers were confident that none of their accounts were compromised.
The friction side of the equation is just as persistent: 47% of consumers say they are likely to abandon a purchase or sign-in when they can’t remember a password, with 17% saying they’re highly likely to do so. This aligns closely with findings from the previous year’s FIDO report, which surfaced similar cart abandonment rates. Descope’s own State of Customer Identity 2025 report revealed that 87% of organizations still use password-based authentication, but only 2% considered it effective at balancing user experience and security.
Our report examined the many pressures surrounding modern auth deployments: developers spinning too many plates, product roadmaps taking precedence over identity needs, and a lack of experience with auth infrastructure were leading reasons to neglect upgrades like passkeys.
The combination of ongoing compromise rates, persistent abandonment, and near-universal (enterprise and consumer) dissatisfaction with passwords makes a clear case for organizations that haven’t yet moved forward. Yet fewer than a third (30%) of organizations have deployed passkeys as the primary method for signing in their workforce, with 57% relying mainly on passwords or another phishable mechanism.
The cost of staying behind is already being paid in lost revenue and high support costs. Customers increasingly expect seamless login experiences, and when they don’t get them, they move on.
Why organizations are adopting passkeys
For the first time, the FIDO report captures what’s driving enterprise passkey adoption for the workforce. Among the 1,202 organizations with active passkey consideration or deployment, the top reasons for upgrading are:
Phishing and multi-factor authentication (MFA) fatigue protection (39%)
Strengthening and phishing-resistant authentication (37%)
Digital modernization (36%)
Improving employee login speed and user experience (34%)
Improving experience for remote or distributed workers (32%)
Compliance and regulatory requirements (31%)
Reducing helpdesk costs from password resets (25%)
While these responses are focused on internal passkey use cases, the ordering of priorities indicates a significant shift: security concerns lead, but the business enablement drivers (login speed, UX, modernization, remote workforce support) collectively outweigh the security motivators. Organizations aren’t adopting passkeys just to stop attacks or bolster MFA. Enterprises are waking up to the fact that passkeys offer faster, smoother authentication that directly translates into operational efficiency and better outcomes.
Descope’s research affirms these observations. Our State of Customer Identity 2025 noted that 52% of organizations faced high costs from auth-related support tickets, and 37% delayed product launches due to identity-related development needs. The FIDO data shows the other side of that coin: organizations that push passkey initiatives forward are doing so for the exact reasons that staying put is so expensive.
Early movers are seeing returns
Among organizations that have begun their passkey rollout for the workforce, the reported outcomes show impressive gains. Each of these connects back to one of the drivers listed above:
47% report improved security confidence and overall security posture
45% report faster employee login times
43% report improved employee satisfaction scores regarding IT
35% report a reduction in helpdesk tickets for password resets
32% report a reduction in phishing-related incidents
31% report reduced reliance on legacy MFA methods
Only 6% say it is too early to measure outcomes, which suggests that the benefits surface quickly once deployment begins. The top reported outcome (improved security posture) maps cleanly to the top deployment driver (phishing protection), and the second-most-cited outcome (faster login times) maps to the fourth-most-cited driver (improving login speed). When organizations upgrade to passkeys, the impact is demonstrable and quick.
What’s also notable is the ambition for doing away with passwords. An impressive 82% of organizations say that implementing fully passwordless authentication is a goal they have either already reached or are actively pursuing, with 28% reporting fully passwordless status across most of their workforce. Another 29% describe it as a short-term goal within the next 6 to 12 months.
What’s still an obstacle for adoption
The barriers to passkey adoption are pretty much unchanged from when the auth method was first introduced. However, the data suggests the benefits of passkeys are increasingly well understood. Holdouts are less likely to believe passkeys are difficult to implement on their own, and more likely to doubt whether their legacy infrastructure can integrate with the newer method.
Among organizations identifying blockers, the top barriers are legacy system compatibility (38%), budget and investment approval (35%), and concerns about device recovery and account restoration (33%). These are practical, solvable problems rather than fundamental objections to the technology itself.
On the recovery point specifically, 89% of organizations report confidence in their ability to restore employee access when a passkey is lost or unavailable. The most common sources of that confidence: secure administrative recovery processes (51%), platform or cloud-based recovery features (42%), and employees registering more than one credential or device (41%).
And the standard objection of uncertain user buy-in has proven less of a problem in 2026. Among organizations that identified buy-in as a barrier, 53% describe it as a minor factor requiring some training, and only 8% say it has been a primary blocker that directly delayed rollout.
What this means for your authentication strategy
The FIDO data from this year’s report depicts a market that has moved beyond the question of whether passkeys work and into the practical experience of seeing results firsthand. Now the only hurdle for the holdouts is how to deploy them efficiently and effectively and integrate them with legacy infrastructure.
The common concern, that passkey adoption requires a heavy engineering lift or a disruptive migration away from existing auth systems, is increasingly addressable. Descope customer Branch Insurance, for example, augmented their existing auth with passkeys, reducing auth-related support tickets by 50%. Their initial passkey adoption rate exceeded internal targets, and the implementation moved from vendor selection to live rollout within six months.
Descope helps organizations add passkeys to their authentication stack, whether as a full implementation or as an augmentation layer on top of existing infrastructure. Descope’s drag-and-drop flow builder handles the complexity of conditional routing (checking WebAuthn compatibility, managing fallback methods, orchestrating enrollment) without requiring dedicated auth devs on staff. Organizations can A/B test passkeys against other methods, run phased rollouts, and iterate on their user journeys without code changes.
Start your passkey journey by signing up for a Free Forever Descope account, joining our dev community, or scheduling a demo with our auth experts.



