Passkey Trends for 2026: What the Data Says

Q: What is driving passkey adoption in 2026?

Two forces are converging: platform defaults and proven business outcomes. Google and Microsoft making passkeys the default sign-in option for hundreds of millions of users has normalized the experience at scale, while organizations that have deployed passkeys are reporting measurable improvements in login success rates, sign-in speed, and support costs.

Q: Why haven't more organizations fully deployed passkeys if the benefits are so clear?

The business case is clear, but the path isn't always straightforward. Institutional constraints, such as limited auth expertise, legacy systems, and competing roadmap priorities, slow the transition from intent to full implementation. Most organizations want passkeys, but want them to work around what already exists.

Q: Do passkeys replace passwords entirely, or do they work alongside them?

For most organizations, passkeys run alongside passwords and other auth methods rather than replacing them outright. The practical approach is to deploy passkeys on new or secondary flows first, and expand once internal data supports a broader rollout.

Q: Are passkeys phishing-resistant?

Yes. Passkeys use public key cryptography, meaning no shared secret is transmitted during authentication. The credential is bound to a specific app or site and cannot be intercepted, reused, or redirected to a fake login page, making passkeys resistant to phishing in a way that passwords are not.

Q: What's the best way to start deploying passkeys?

Start on lower-stakes flows (signup, account recovery, or step-up authentication) where you can measure outcomes without disrupting your primary login path. Once the internal data supports it, expand from there.

Auth ThoughtsMay 13, 2026

Alex Brown

Content Marketing Manager

Share on:

Table of Contents

Summarize with AI

Don't have the time to read the entire post? Our human writers will be sad, but we understand. Summarize the post with your preferred LLM here instead.

Passkey awareness and consumer infrastructure have reached critical mass. The FIDO Alliance’s Consumer Password and Passkey Trends Report revealed that 75% of global consumers now recognize passkeys, and 28% enable them whenever possible.

However, organizational readiness hasn't kept up. Per Descope’s State of Customer Identity 2025, 87% of organizations still use passwords for customer-facing auth, while only 2% believe passwords balance security and UX.

The focus today is on closing the gap between intent and implementation, and making smart choices about how passkeys fit alongside what already exists.

In this blog, we’ll explore:

Where passkey adoption stands
The adoption vs. readiness gap
The tangible benefits of passkeys
What the future holds for passkeys

Where passkey adoption stands

Multiple customer auth trends point toward a passkey-centric future. Descope's State of Customer Identity report found that 45% of organizations have deployed passkeys in at least one app, and 27% expect to within two years, meaning over 70% of organizations either plan to adopt passkeys or have already started.

State of Customer Identity 2025

Get identity insights from 400+ customer IAM decision-makers.

Get your copy

Passkey adoption has grown over multiple years after the technology became widely available across major platforms in 2022. FIDO Alliance reports that 48% of the top 100 websites now offer passkeys, more than double the 2022 figure. And, according to Dashlane’s 2025 Passkey Power 20 report, their customers’ passkey authentications doubled from 2024 to 2025, reaching 1.3M per month.

Platform defaults are driving much of the volume in passkey adoption. Google made passkeys a default option for personal accounts in October 2023, and Microsoft followed suit in May 2025. Per Dashlane, Microsoft saw 120% growth in passkey use after the change, which suggests users of enterprise infrastructure are comfortable switching to passkeys.

But it’s not just tech giants taking a passkey-first approach. Smaller organizations that prize user-friendly security have followed suit, leading to impressive upticks in adoption. The crypto exchange Gemini boldly made passkeys mandatory in May 2025, driving a 269% surge in use, per Dashlane.

The adoption vs. readiness gap

Despite impressive adoption numbers, the demand to deliver passkeys is outpacing organizations’ confidence to do it successfully. While most companies want passkeys, many don't feel that their current systems can support them without significant refactoring.

Part of the problem is who's responsible for passkeys and other passwordless auth systems. Per Descope’s State of Customer Identity survey, 51% of organizations are relying on developers with minimal auth experience to build customer-facing identity systems. And under a third (28%) have dedicated customer identity and access management (CIAM) engineers.

State of CIAM overworked developers — Fig: Mismatch between developer expertise and expectation

Competing priorities are another major factor. Descope’s study also found that just under half of surveyed organizations (46%) have delayed identity-related projects due to competing product priorities, while almost the same share (47%) are struggling to modernize legacy systems.

The result of these gaps is stasis with partial execution. Organizations add passkeys in a few places, passwords remain the default everywhere else, and the full benefits of passkey-based auth don't materialize.

The tangible benefits of passkeys

Despite the gap between demand and readiness, passkeys and other passwordless methods have grown in popularity over recent years. They’re inherently phishing-resistant, offering significantly greater security, and offer an improved login experience (especially when paired with adaptive auth). While some auth methods involve a trade-off between security assurance and UX, passkeys don’t.

Passkeys deliver a 30% higher sign-in success rate than traditional MFA methods and average an 8.5-second sign-in time vs. 31.2 seconds for passwords, per FIDO. Login success rates tell the same story. According to FIDO, passkeys see a 93% success rate, while traditional methods (e.g., password-based) succeed 63% of the time.

According to Dashlane, HubSpot saw a 25% improvement in login success and 4x faster logins (compared to password-plus-MFA) after deploying passkeys. Microsoft’s 2024 passkey rollout saw enormous UX impact, with passkey users signing in 8x faster than those using passwords with MFA, and a 98% success rate (compared to 32% for passwords).

Fig: Passkey performance reported by Microsoft after their 2024 rollout

Faster, more consistently successful logins via passkeys can also significantly lower support costs. FIDO also notes deploying organizations see an average 73% reduction in sign-in time and 81% reduction in login-related tickets.

What’s next for passkeys

While security benefits have historically led the passkey charge, the business case is quickly becoming the biggest motivator for adoption. Organizations are coming to the realization that passkeys aren’t a binary, rip-and-replace affair, and hybrid implementations will soon outnumber those still leaning on passwords alone.

A/B test your auth and user journey flows with Descope — Fig: Descope A/B testing flow for passkeys

Customer-facing deployments can pilot passkeys with new or secondary flows first, where the stakes are lower and the lift is measurable. Teams add passkeys to signup, account recovery, or step-up touchpoints instead of modifying the primary login path. This lets them prove the numbers internally before committing to a broader rollout. Most organizations will enable passkeys alongside passwords and MFA paths rather than completely replace password-based flows.

Branch Insurance's rollout with Descope is a useful template for how passkey adoption will look for many organizations. Branch sought out a phishing-resistant auth method that would leave their current auth provider and user store intact. They deployed passkeys as the primary path, with a fallback to one-time passwords or magic links when device support (a rarity, but possible) was lacking..

Looking ahead, risk-based signals will increasingly layer on top of passkeys for step-up scenarios, like sensitive transactions and new devices, rather than replacing adaptive auth outright.

Deploy passkeys effectively with Descope

Passkeys continue to represent one of the biggest trends in passwordless auth, led by major platforms adopting them as the default. There’s still a readiness gap preventing full saturation, but the business case for passkeys can’t be ignored. Every day, organizations looking for ways to optimize their identity journeys deploy passkeys and start reaping the benefits.

However, starting from scratch or with cumbersome legacy infrastructure, deploying passkeys requires expertise, resources, and time. Descope’s no- and low-code flows make enterprise CIAM features accessible, giving your team the tools to deploy passkeys and other advanced auth without the heavy engineering lift.

Sign up for a Free Forever account with Descope and start building secure, scalable auth flows today. Have questions about passkeys or passwordless auth? Book time with our experts.