The Future is Passkeys: Say Goodbye to Passwords

The gradual decline of traditional passwords is underway, with passkeys emerging as the more secure and user-friendly alternative for digital authentication. This shift promises to simplify how we access online services while significantly boosting security. According to Karim Toubba, CEO of LastPass, the transition represents a fundamental change in how both individuals and organizations will manage their digital identities.

Toubba notes that we are currently at the start of the adoption cycle. Moving to passkeys requires not only a change in user habits but also significant updates to the applications themselves. He predicts that for the foreseeable future, a hybrid environment containing both passwords and passkeys will be the norm as businesses gradually upgrade their legacy systems. This evolution is expected to unfold over several years.

In the United States, major banks and retailers are already giving consumers the choice to use passkeys instead of usernames and passwords. A passkey typically combines biometric data, like a fingerprint or facial scan, with a device PIN, all stored locally on the user’s own device. Toubba observes that consumer adoption is leading the way, with businesses expected to follow as they undertake the considerable task of retrofitting their applications to support the new standard.

As a password management provider, LastPass supports this transition by acting as a secure vault for all user credentials. The platform now stores not just usernames and passwords but also passkeys. Users only need to open one set of credentials to access their vault, from which LastPass seamlessly provides the correct username and passkey for the application they wish to use. This approach offers users complete transparency and a streamlined login process.

The company continues to enhance its offerings, having recently introduced SaaS monitoring that includes AI tools to help combat the risks associated with Shadow IT and unauthorized AI usage. This provides organizations with clear visibility into the applications their employees are accessing. Prior to this, their SaaS Protect feature extended monitoring into proactive protection, while integrated passkeys enabled seamless, password-free logins directly from the LastPass vault.

This innovation is driven by market need. LastPass research indicates that 92% of IT leaders are convinced that passkeys enhance security, and they also view Shadow IT and AI as growing threats. Consequently, businesses are seeking enterprise-grade tools to modernize their security posture.

Toubba points to Australia as a region well-positioned to lead in adoption. He suggests that early adoption creates a positive feedback loop, or “flywheel,” that builds momentum. He also credits the Australian government for establishing mandates and a framework that helps organizations understand security best practices, creating a “carrot and stick” approach to ensure widespread implementation.

Looking forward, Toubba envisions a future where digital identity is more deeply interconnected with applications. LastPass is developing ways to tie identity management directly with SaaS monitoring, a capability he describes as a critical construct for modern businesses. The old security paradigms have vanished; people use their own devices, networks are borderless, and applications have moved to the cloud.

The goal is to usher in a new era where authentication is both simpler and more scalable. Passkeys exemplify this philosophy by removing user friction while maintaining a high security bar. Ultimately, it’s about delivering a great, seamless, and secure experience for users accessing applications, whether in a business or consumer context.

(Source: ITWire Australia)