1 May 2025 marked a symbolic turning point in the history of authentication. Historically dedicated to "World Password Day", this date was renamed by the FIDO Alliance as World Passkey Day, highlighting a major shift in how users access digital services. Companies such as Microsoft, along with several dozen other organisations, signed the Passkey Pledge to support and accelerate the mass deployment of passkeys in the coming year.
On this occasion, it is worth noting that our PROVE IT bastion solution is compatible with passkeys, enabling us to offer our clients a robust, modern and interoperable alternative for securing their access.
1. What is a passkey?
A passkey (or access key) is a unique digital credential that allows a user to authenticate without entering a password. Unlike passwords, which rely on a shared and transmittable secret, passkeys use a pair of asymmetric cryptographic keys:
- A public key is registered with the service the user wishes to access.
- A private key is securely stored on the user's device, protected by a local mechanism (e.g. biometrics/PIN).
The user authenticates using a device they possess (physical key, smartphone, PC, etc.), which triggers a cryptographic signature validated by the remote service. No secret is transmitted, making this method resistant to a wide range of attacks (detailed in section 5).
2. What is the underlying technology?
Passkeys are built on two open standards: FIDO2 and WebAuthn, co-developed by the FIDO Alliance (Fast Identity Online) and the W3C. Their shared goal is to eliminate the use of passwords in favour of strong, simple and interoperable authentication for the web.
- FIDO2 enables authentication using a local device (e.g. smartphone, USB key, smart card).
- WebAuthn is an API that allows modern browsers to communicate with these devices.
This architecture is built on security by design principles: no authentication element is accessible or transmittable. Biometric data, when used, always remains on the device and never leaves the secure environment (Secure Enclave, TPM, etc.).
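The signature check described in sections 1 and 2, as an added example (not code from PROVE IT or from the FIDO Alliance): a simulated authenticator and the relying-party checks on a WebAuthn assertion, in Node.js. `RP_ID`, `ORIGIN`, the second origin and the key pair are constructed for illustration, and requiring user verification is an assumed policy.

```javascript
const { createHash, generateKeyPairSync, randomBytes, sign, verify } = require("node:crypto");

// Constructed values for this added example (assumptions, not from the article).
const RP_ID = "login.example.com";
const ORIGIN = "https://login.example.com";
const sha256 = (data) => createHash("sha256").update(data).digest();

// Registration: the device keeps privateKey; the service stores only publicKey.
const { publicKey, privateKey } = generateKeyPairSync("ec", { namedCurve: "P-256" });

// Authenticator side (simulated): sign authenticatorData || SHA-256(clientDataJSON).
function makeAssertion(challenge, origin, rpId, flags = 0x05) { // 0x01 UP | 0x04 UV
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get", challenge: challenge.toString("base64url"), origin }));
  const counter = Buffer.alloc(4);
  counter.writeUInt32BE(1);
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([flags]), counter]);
  const toSign = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: sign("sha256", toSign, privateKey) };
}

// Relying-party side: every check must pass before the login is accepted.
function verifyAssertion(a, expectedChallenge, storedPublicKey) {
  let client;
  try { client = JSON.parse(a.clientDataJSON.toString("utf8")); }
  catch { return "malformed clientDataJSON"; }
  if (client.type !== "webauthn.get") return "wrong type";
  if (client.challenge !== expectedChallenge.toString("base64url")) return "challenge mismatch";
  if (client.origin !== ORIGIN) return "origin mismatch";
  if (a.authenticatorData.length < 37) return "authenticator data too short";
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return "rpIdHash mismatch";
  const flags = a.authenticatorData[32];
  if (!(flags & 0x01)) return "user not present";
  if (!(flags & 0x04)) return "user not verified"; // assumed policy: UV required
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return verify("sha256", signed, storedPublicKey, a.signature) ? "ok" : "bad signature";
}

function demo() {
  const challenge = randomBytes(32); // fresh random challenge per login attempt
  const good = makeAssertion(challenge, ORIGIN, RP_ID);
  const otherSite = makeAssertion(challenge, "https://login.example.net", "login.example.net");
  const stale = makeAssertion(randomBytes(32), ORIGIN, RP_ID); // signed for another challenge
  return [good, otherSite, stale].map((a) => verifyAssertion(a, challenge, publicKey));
}
console.log(demo()); // [ 'ok', 'origin mismatch', 'challenge mismatch' ]
```

The service only ever holds the public key and a one-time challenge, so nothing it stores or receives can be replayed against it or reused on another origin. This example does not track the signature counter between logins.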
3. Why replace passwords?
Despite their ubiquity, passwords remain one of the weakest links in IT security. According to the Verizon DBIR 2024 report, 77% of account compromises are linked to weak or stolen credentials. Phishing, password reuse, weak passwords… the threats are numerous.
Moreover, password management is costly: frequent forgotten passwords, resets, ever-increasing complexity… CIOs and support teams bear the consequences on a daily basis. By comparison, passkeys offer a frictionless, resilient solution that aligns with strong authentication requirements and can easily be combined with multi-factor authentication (MFA).
4. Why adopt passkeys?
The adoption of passkeys represents a significant step forward on several levels:
- Security: resistant to phishing, data breaches on services and interception. Authentication is based on proof of possession (device) and, often, a biometric factor.
- Simplicity: no need to remember or even type a password. The user experience is smooth and immediate.
- Interoperability: passkeys work across all FIDO2/WebAuthn-compatible systems, enabling broad adoption without vendor lock-in.
- Privacy protection: no biometric data is transmitted or stored server-side. It remains on the device, isolated from the system.
5. An effective response to the most common attacks
By eliminating the password, passkeys neutralise many well-known threats for CISOs, such as phishing, identity theft and brute force attacks. Here are the main attacks they help prevent:
7. Who has already adopted them?
Passkey adoption is growing rapidly. Microsoft states that across its services, nearly one million passkeys are created every day. Modern operating systems and major browsers already support them natively:
Operating Systems:
- iOS 16+, macOS Ventura+
- Android 9+
- Windows 10/11 with Windows Hello
Browsers:
- Google Chrome (v109+)
- Apple Safari (v16+)
- Microsoft Edge (v109+)
- Mozilla Firefox (with partial support)
Compatible Services:
- Development: GitHub, GitLab, Bitbucket
- Finance: Stripe, PayPal, Coinbase
- E-commerce: Amazon, Shopify, Walmart
- Social networks: LinkedIn, TikTok, X, Discord
- Cloud & collaboration: Dropbox, Adobe, Zoom
The list grows every month, making passkey usage increasingly common for end users.
In Conclusion
The gradual move away from passwords in favour of passkeys is no longer a utopia — it is a transition already underway among technology leaders and forward-thinking organisations.
For CIOs and CISOs, this is a concrete opportunity to raise the security baseline, reduce the attack surface and simplify the user experience… while remaining compliant with relevant frameworks (FIDO2, NIS2, SecNumCloud, etc.).
PROVE IT, compatible with passkeys, enables you to take action today.