New website names and shames companies that still don’t offer passkeys to users

The recent unveiling of a website publicly cataloging companies that haven’t yet adopted passkey support highlights a crucial, and frankly, lagging aspect of modern online security. That 24% of the most popular websites still rely on passwords – a system demonstrably vulnerable to phishing, brute-force attacks, and data breaches – is a significant cause for concern. It underscores a persistent inertia within the digital landscape, where embracing genuinely secure practices is often overshadowed by legacy systems and a reluctance to overhaul existing user flows. This hesitancy isn't necessarily malicious; it’s often rooted in the complexity of integrating new authentication methods and the fear of disrupting user experience. However, as we’ve seen with the ongoing shifts in the AI landscape, often accelerated by talent movements like those detailed in AI researchers continue to leave Google for its rivals, the status quo is rarely sustainable in the face of superior alternatives. The increased demand for skilled AI professionals demonstrates a market prioritizing innovation, and security adoption should follow a similar trajectory.

The slow uptake of passkeys is particularly puzzling given their inherent advantages. Passkeys, leveraging device biometrics or PINs, offer a far more robust defense against phishing attacks because they are tied to specific devices and don’t rely on easily compromised credentials sent over networks. Furthermore, the user experience is significantly improved. No more forgotten passwords to reset, no more frustrating two-factor authentication codes. The simplicity and security of passkeys should be a compelling argument for any organization concerned about user trust and data protection. The current situation reflects a broader challenge in technology adoption: the disconnect between technically superior solutions and their practical implementation within established workflows. Consider the resilience of engineering roles despite widespread AI adoption, as shown in AI was supposed to kill engineering jobs, but new data suggests they’re the most resilient; adapting to new systems, even beneficial ones, requires deliberate effort and investment. It's not merely about *having* the technology; it's about integrating it effectively. The recent successes of companies like the one discussed in The memory chip crunch is paying off for this US company illustrate the rewards that come from strategic adoption and investment in future-focused technologies.

The public shaming aspect of this new website, while perhaps provocative, serves a valuable purpose. It increases awareness of the security risks associated with password reliance and creates pressure on companies to prioritize user safety. While some might argue that such public scrutiny is overly harsh, the reality is that users are increasingly demanding more secure and convenient online experiences. The longer companies delay in adopting passkeys, the greater the risk of data breaches and the erosion of user trust. Ultimately, this isn’t about punishing companies; it’s about accelerating the transition to a more secure and user-friendly web. The benefits of passkeys are clear, and the cost of inaction is becoming increasingly significant. The push for wider adoption will likely be driven by a combination of regulatory pressure, user demand, and the increasing sophistication of cyber threats.

Looking ahead, the key question is whether this public pressure will be enough to spur widespread adoption of passkeys. Will we see a rapid shift as companies race to improve their security posture and user experience, or will inertia continue to prevail? The move to passkeys isn't just a technical upgrade; it represents a fundamental shift in how we think about online authentication. It’s a move towards a future where passwords are relegated to the history books, and our digital identities are secured through more robust and intuitive methods. The next six to twelve months will be critical in determining whether passkeys become the norm or remain a niche feature for the more security-conscious users.