New Website Shames Companies That Still Lack Passkey Support
▼ Summary
– One in four major apps and services, including Instagram, Netflix, and Spotify, do not offer passkeys for login.
– Passkeys are more secure than passwords because they are device-generated, use biometrics, and are resistant to theft or phishing.
– Security researcher Scott Helme created whynopasskeys.com to name companies without passkey support, believing a public list motivates change.
– Apple, Google, and Microsoft are among the major companies that do offer passkeys to users.
– Instagram users can only enable passkeys if their account is linked to a Facebook account that already has passkeys turned on.
A new website is calling out major tech companies that still haven’t adopted passkey authentication, publicly shaming brands like Instagram, Netflix, and Spotify for failing to offer what many experts now consider the gold standard in account security. According to the site, roughly one in four major apps and services still lack passkey support.
Passkeys represent a significant leap forward from traditional passwords. They are generated locally on a user’s device and are uniquely tied to both the device and the specific website or app for which they were created. Instead of memorizing a string of characters, users authenticate with biometrics like Face ID or Touch ID, or by using a physical security key. The passkey is then stored automatically in a password manager. The core advantage is clear: there is nothing for the user to remember, and the credentials are far more resistant to phishing attacks and theft, as a hacker would need physical access to the target’s device to compromise them.
The site, whynopasskeys.com, was created by longtime security researcher Scott Helme. In a blog post explaining his motivation, Helme stated that the goal is to pressure companies into enabling passkeys and giving users the option to adopt them. “A list is a surprisingly effective motivator. Nobody wants to be on the list,” he wrote.
On the positive side, industry giants like Apple, Google, and Microsoft already offer passkey support to their users. The situation is more complicated for some Meta products. While Facebook and WhatsApp have embraced the technology, Instagram still does not offer a direct passkey option. Users can enable passkeys on Instagram, but only if their account is linked to a Facebook account that already has a passkey configured.
Meta did not respond to a request for comment regarding why passkey support is inconsistent across its platforms. TechCrunch also reached out to Netflix and Spotify for comment. This story will be updated if any of these companies respond.
(Source: TechCrunch)
