GoKawiilIn Brief
When it comes to securing accounts against hackers, passkeys are now widely considered the gold standard.
And yet they are still not offered by one in four major apps and services on the internet, including Instagram, Netflix, and Spotify. Those stats comes from a new website that names and shames companies that still don’t give users the option to use passkeys to login into their apps and services.
Passkeys are more secure than passwords because they are generated by a user’s device and tied to that phone or computer and the website they are created for. They can rely on biometrics such as Face ID, Touch ID, or a physical security key; and can be stored automatically in someone’s password manager. Passkey’s crucial advantage is that the user doesn’t have to remember anything — unlike a password— and they are much harder to steal or phish by a hacker unless they get physical control of the target’s devices.
Scott Helme, the longtime security researcher who created the website whynopasskeys.com, wrote in a blog post that the motivation behind the site is to push companies to enable passkeys and give users the chance to adopt them. “A list is a surprisingly effective motivator. Nobody wants to be on the list,” wrote Helme.
Major companies such as Apple, Google, and Microsoft, are on the good side of the list and do offer passkeys to users.
It’s important to note that users can turn on passkeys on Instagram, but only if their account is tied to a Facebook account with a passkey enabled.
Meta did not immediately respond to TechCrunch’s request for comment as to why some of its products, like Facebook and WhatsApp offer passkeys, but Instagram does not. TechCrunch also reached out to Netflix and Spotify. This article will be updated if any of these companies provide a comment.