Table of Contents
Passkeys are the future of authentication – that much is clear. What is less clear is how fast the future is arriving. This article, part of our passkeys and passwordless authentication resource, compiles the most current and reliable statistics on passkey adoption, analyzes the trends, and provides a data-informed perspective on what the numbers mean for your security decisions.
The Current State: Early 2026
Website and Service Support
Passkey adoption among websites and services has followed a top-down pattern: the largest, most technically sophisticated platforms adopted first, with support gradually expanding to smaller services.
Top 100 websites: Approximately 50-60 percent now support passkey authentication. This includes all the major technology platforms (Google, Apple, Microsoft), large e-commerce sites (Amazon, eBay, Best Buy), financial services (PayPal, Coinbase), and social media (LinkedIn, WhatsApp, X).
Top 1,000 websites: Roughly 20-25 percent support passkeys. The drop-off from the top 100 reflects the resource and technical investment required to implement WebAuthn support.
Top 10,000 websites: Estimated 5-10 percent support. Most mid-tier websites have not yet invested in passkey implementation.
The broader internet: Passkey support is negligible among the millions of smaller websites, local businesses, and legacy web applications. These services will be the last to adopt, likely relying on CMS platform updates (WordPress, Shopify, etc.) to add support.
For a current directory of specific services that support passkeys, see which websites support passkeys in 2026.
User Adoption
Website support is only half the equation. Users must actually create and use passkeys on those sites.
Passkey-capable devices: Over 95 percent of smartphones sold since 2023 support passkeys natively (iOS 16+ and Android 9+). On desktop, macOS Ventura+, Windows 10+, and all modern browsers support the WebAuthn standard. The hardware barrier is essentially gone.
Active passkey users: Industry estimates suggest that approximately 15-20 percent of users on passkey-supporting platforms have actually created at least one passkey. This represents significant growth from single-digit percentages in 2024, but indicates that the majority of users have not yet adopted the technology even where it is available.
Passkey use frequency: Among users who have created passkeys, usage is high. Data from platform providers indicates that users who set up a passkey for a service use it for the majority of subsequent logins, preferring it over password-based authentication. This suggests the barrier is awareness and initial setup, not ongoing usability.
Growth Trajectory
Year-over-Year Trends
The growth of passkey adoption has been exponential but from a small base:
2022: Apple introduces passkey support in iOS 16 and macOS Ventura. Google and Microsoft announce support. Fewer than 50 major websites support passkeys.
2023: Google enables passkey login for all Google accounts. Amazon, PayPal, eBay, GitHub, and others launch support. Platform-native passkey creation becomes frictionless. An estimated 2-3 percent of eligible users create passkeys.
2024: Third-party password managers (1Password, Bitwarden, Dashlane, PanicVault) add passkey storage and management. The number of supporting websites roughly doubles. User adoption reaches an estimated 8-10 percent on major platforms. Financial services begin pilot programs.
2025: Cross-device authentication (QR + Bluetooth) becomes more reliable. Enterprise adoption accelerates through Microsoft Entra ID. Apple’s Passwords app gives passkeys a visible management interface. User adoption on major platforms reaches approximately 12-15 percent.
2026 (current): Passkeys are the recommended authentication method on all major platforms. The FIDO Alliance credential exchange protocol nears finalization. Estimated 15-20 percent user adoption on major platforms, with much higher rates among technically engaged users.
Projected Growth
Industry analysts and the FIDO Alliance project continued acceleration:
2027: Majority of top 10,000 websites expected to support passkeys. User adoption on major platforms projected to reach 30-40 percent.
2028-2029: Mainstream CMS platforms (WordPress, Shopify, Squarespace) expected to offer turnkey passkey support, dramatically expanding coverage among smaller websites. User adoption projected to reach 50-60 percent on supporting platforms.
2030+: Passkeys expected to be the default authentication method for new account creation on major platforms. Password-based login maintained as a legacy fallback.
Factors Driving Adoption
Several forces are accelerating passkey uptake:
Platform Push
Apple, Google, and Microsoft are not passively supporting passkeys – they are actively promoting them. Apple surfaces passkey creation prompts during account setup. Google encourages passkey setup with in-product notifications. Microsoft is rolling out passkey requirements for enterprise accounts through Entra ID.
This platform-level promotion is the single largest driver of user adoption. When the operating system suggests creating a passkey, many users accept.
Security Economics
The business case for passkeys is compelling:
- Reduced fraud: Passkeys eliminate phishing-based account takeover, which accounts for a significant portion of online fraud. See why passkeys are phishing-resistant.
- Lower support costs: Fewer password resets mean lower helpdesk costs. Password resets account for 20-50 percent of IT helpdesk tickets in many organizations.
- Compliance benefits: Regulatory frameworks increasingly favor or require phishing-resistant authentication. NIST guidelines, PCI DSS updates, and EU digital identity regulations all point toward passkeys.
Developer Tooling
Implementing passkey support has become significantly easier:
- Server-side libraries for WebAuthn are available in every major programming language.
- Authentication-as-a-service providers (Auth0, Firebase, Clerk) offer turnkey passkey support.
- The FIDO Alliance provides implementation guides and conformance testing tools.
- CMS and e-commerce platforms are adding built-in passkey support.
This reduction in implementation complexity is critical for the mid-tier and long-tail websites that represent the majority of the internet.
User Experience
Perhaps the most underappreciated adoption driver is that passkeys are genuinely better to use. Data consistently shows:
- Passkey login is 3x faster than password login and 8x faster than password plus MFA.
- User satisfaction with passkeys exceeds satisfaction with passwords in every survey conducted.
- Login success rates are higher with passkeys because there are no forgotten passwords, typos, or expired MFA codes.
When a technology is both more secure and more convenient, adoption becomes a matter of awareness rather than persuasion.
Factors Slowing Adoption
Despite strong momentum, several factors moderate the pace of adoption:
Awareness Gap
Many users do not know what passkeys are. They may see the option in account settings and skip it because they do not understand the benefit or trust an unfamiliar technology. This is the primary barrier to broader user adoption.
Legacy Systems
Enterprise applications, government services, and older websites often run on infrastructure that does not easily support WebAuthn. Upgrading these systems requires investment and testing that many organizations have not prioritized.
Cross-Platform Friction
Users who work across Apple, Android, and Windows face a more complex passkey experience than single-ecosystem users. Cross-device QR authentication works but adds friction. Until third-party credential managers fully mature their cross-platform passkey support, multi-ecosystem users face a less seamless experience.
For strategies to handle cross-platform scenarios, see how to sync passkeys across devices and Google, Apple, Microsoft implementations compared.
The “Good Enough” Problem
Users who already use a password manager with strong, unique passwords and two-factor authentication have a relatively strong security posture. For these users, the marginal benefit of passkeys, while real, may not feel urgent enough to justify changing their workflow. Our article on passkeys vs. passwords makes the case for why the upgrade is still worthwhile.
Account Recovery Uncertainty
Some users hesitate to adopt passkeys because they are unsure what happens if they lose their device or cannot access their credential store. While the recovery mechanisms are well-designed (especially with synced passkeys), the uncertainty creates friction. See can passkeys be hacked? for an honest analysis of failure scenarios.
Industry-Specific Adoption
Financial Services
Banks and financial institutions are among the most motivated adopters (phishing-resistant authentication directly reduces fraud) but also the most regulated. Adoption is proceeding through careful pilot programs, with major banks expected to offer passkeys broadly by 2027-2028.
E-Commerce
Online retailers have strong incentives: faster login means less cart abandonment, and fewer account takeovers mean less fraud-related cost. E-commerce adoption is ahead of financial services, with most major retailers already supporting passkeys.
Healthcare
Healthcare portals are lagging significantly. Patient portal systems often run on legacy platforms, and healthcare organizations face unique compliance requirements (HIPAA in the US) that slow technology adoption.
Government
Government adoption varies dramatically by country. Estonia, South Korea, and Singapore are among the leaders. The US federal government is moving toward passkeys through NIST guidelines but implementation across federal agencies is uneven.
Enterprise
Enterprise passkey adoption is accelerating through Microsoft Entra ID and Google Workspace. Organizations that mandate phishing-resistant authentication for employees are driving some of the fastest adoption rates.
What the Numbers Mean for You
The adoption statistics inform a practical strategy:
If you have not started using passkeys, now is the right time. The technology is mature, supported by every major platform, and available on enough services to make a meaningful difference to your security. Start with your most important accounts. Follow our Apple setup guide to get started.
Do not abandon your password manager. With 75-80 percent of websites still not supporting passkeys, your password manager is as important as ever. The managers that support both passwords and passkeys give you the most practical setup. See why you still need a password manager for the full picture.
Plan for the hybrid period. You will manage both passwords and passkeys for at least the next three to five years. Having a clear organizational strategy makes this manageable. See managing passwords and passkeys together.
Stay informed. Adoption is moving quickly. A service that does not support passkeys today may add it next month. Check our supported sites directory periodically.
If you use KeePass, stay engaged with the ecosystem’s passkey development. KeePass-compatible apps are adding passkey support, and the KDBX format is evolving to accommodate it. See passkeys and your KeePass database for the latest.
The statistics tell a story of a technology in rapid but incomplete adoption. Passkeys are clearly winning the technical argument, the user experience argument, and the business case argument. The remaining barrier is the sheer inertia of the internet’s installed base of password-dependent systems. That inertia is being overcome faster than most predictions anticipated, but it will take years, not months, to reach universal coverage.
