Companies Under Fire: The Passkey Revolution and the 24% That Are Lagging Behind

TL;DR
- A new watchdog website has launched to expose the 24% of top-tier websites that still fail to offer passkey technology, leaving users vulnerable to phishing and account takeovers.
- While major players like Amazon, PayPal, and Microsoft have integrated passkeys, critical lagging sites including Facebook and Netflix have yet to adopt the standard, creating a fragmented security landscape.
- Industry leaders from the FIDO Alliance emphasize that despite current adoption hurdles like ecosystem fragmentation, broader passkey implementation is inevitable and essential for global user safety.
In a bold move to accelerate the transition to passwordless authentication, a new digital watchdog website has launched with a singular, critical mission: to highlight the companies failing to adopt passkey technology. The platform serves as a public ledger of the security gap, revealing that a staggering 24% of the most popular websites on the internet still lack this critical security feature.
For users, this statistic is not just a number; it is a direct threat vector. Websites without passkey support rely on traditional passwords, which remain the primary entry point for phishing attacks, credential stuffing, and account takeovers. By curating a list of these non-compliant giants, the new site aims to pressure stakeholders into upgrading their authentication infrastructure, framing the lack of passkeys not as a technical choice, but as neglect of user safety.
The Landscape of Adoption: Winners and Losers
The push for passkeys has gained significant momentum in recent years, championed by major ecosystem providers. According to the FIDO Alliance, the industry association that developed the core authentication technology behind passkeys, adoption is surging. Apple introduced the technology to iOS in 2022, and Google followed in 2023, leading to a massive increase in daily passkey creation.
Data from 2024 shows that passkey adoption doubled, with over 15 billion online accounts now capable of using passkeys for faster, safer sign-ins. By late 2024, services supporting passkeys had jumped from 58 to 115, and Bitwarden reported a 550% increase in daily passkey creation.
However, the landscape is not uniform. While e-commerce giants like Amazon (which saw an 88.9% increase in passkey usage among users), PayPal, eBay, and financial institutions like Bank of America and Chase have rolled out robust passkey options, the "lagging" 24% remains a significant concern.
The new watchdog website specifically points to high-profile social media and streaming platforms that have yet to join the revolution. Facebook and Netflix, despite their massive user bases, are currently cited as notable exceptions that have not started using passkeys. This creates a disjointed experience where a user might be secure on their bank account but vulnerable when logging into their social media or streaming service.
The 24% Problem: Why It Matters for User Safety
The core argument of the new watchdog site is that the 24% of popular websites lacking passkeys represent a massive "attack surface" that remains unmitigated. Passkeys offer phishing-resistant security by leveraging platform credential managers like Apple iCloud Keychain, Google Password Manager, and Microsoft Authenticator. Unlike passwords, which can be stolen via fake login pages, passkeys are bound to the device and the specific website, making them impervious to traditional phishing tactics.
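The site binding described above is enforced when the relying party checks each sign-in response. The following is an added example, not code from the watchdog site or the FIDO Alliance, showing the origin and RP ID checks on a WebAuthn assertion; `RP_ID`, `EXPECTED_ORIGIN` and the sample data are assumptions, and signature verification is a separate step not shown.

```python
import base64
import hashlib
import json
import struct

RP_ID = "example.com"                          # assumed relying-party ID
EXPECTED_ORIGIN = "https://login.example.com"  # assumed legitimate origin


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def binding_errors(client_data_json: bytes, auth_data: bytes, challenge: bytes) -> list:
    """Return reasons the assertion is not bound to this site (empty list = pass).

    Verifying the signature over auth_data || SHA-256(client_data_json) is a
    separate step and is not shown here.
    """
    errors = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        errors.append("wrong ceremony type")
    if client.get("challenge") != b64url(challenge):
        errors.append("challenge mismatch")
    # The browser, not the page, writes the origin, so a look-alike site cannot forge it.
    if client.get("origin") != EXPECTED_ORIGIN:
        errors.append("origin mismatch")
    if len(auth_data) < 37:
        errors.append("authenticator data too short")
        return errors
    rp_id_hash, flags, _counter = struct.unpack(">32sBI", auth_data[:37])
    if rp_id_hash != hashlib.sha256(RP_ID.encode()).digest():
        errors.append("rpIdHash mismatch")
    if not flags & 0x01:  # UP flag: user presence was tested
        errors.append("user not present")
    return errors


def sample_assertion(origin: str, rp_id: str, challenge: bytes):
    """Constructed data standing in for what a browser and authenticator emit."""
    client = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                         "origin": origin}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", 0x05, 7)
    return client, auth


if __name__ == "__main__":
    chal = b"\x01" * 32  # constructed challenge
    print(binding_errors(*sample_assertion(EXPECTED_ORIGIN, RP_ID, chal), chal))
    print(binding_errors(*sample_assertion("https://login.example-secure.test",
                                           "example-secure.test", chal), chal))
```

A response produced on the look-alike origin fails both the origin and `rpIdHash` checks, whereas a password typed into the same page would have been accepted by the real site.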
When a top-tier website fails to adopt this standard, it forces users to rely on the very mechanism that security experts have long warned against: reusable, text-based passwords. This reliance perpetuates the "password-fallback trap," where users must maintain a password alongside a passkey for other services, effectively reducing the security benefits of the new technology.
The implications for user safety are profound. Without the universal adoption of passkeys, the digital ecosystem remains vulnerable to the same old threats that have plagued the internet for decades. The watchdog site argues that until these 24% of websites upgrade, the promise of a truly secure, passwordless internet cannot be fully realized.
The Roadblocks: Fragmentation and UX Confusion
Despite the clear benefits, the transition has faced hurdles. Industry analysts and the FIDO Alliance have identified several compounding problems that slow adoption: ecosystem lock-in, confusing user experiences (UX), and persistent password fallbacks.
Ecosystem fragmentation remains a primary issue. While the FIDO Credential Exchange Protocol was designed to solve cross-platform portability, it remains a draft specification as of mid-2025. This means users cannot easily move their passkeys between different credential managers, creating friction that discourages adoption. Furthermore, the user experience is often inconsistent; on some services, passkey support can only be detected by executing JavaScript and instrumenting API calls, which makes static analysis insufficient and leaves the process opaque for many users.
Enterprises are also hesitant. The report from FIDO on "Passkeys for Enterprise" notes that organizational adoption is slow because many services still require a traditional password alongside passkeys, meaning the attack surface isn't actually reduced. As Kunal Ganglani noted in a 2026 analysis, these three problems undermine each other, creating a cycle where adoption stalls despite the clear technological advantage.
The Future: Inevitable and Urgent
Despite the current lag, the trajectory of the industry suggests that the shift to passkeys is inevitable. Andrew Shikiar, CEO of the FIDO Alliance, has stated that while the technology is in an "early adoption" phase, "it's just a matter of time for more and more sites to start offering this."
The new watchdog website serves as a catalyst in this process. By publicly identifying the 24% of leaders who are failing to adapt, it creates a competitive pressure that history suggests will force compliance. With 90% of people now aware of passkeys and 75% having enabled one on at least one account, consumer demand is reaching a tipping point.
As the FIDO Alliance's 2026 State of Passkeys report highlights, the technology is moving from an optional upgrade to an operational baseline. The lagging 24% of websites will soon find themselves not just behind the curve, but exposed to a growing tide of users who demand the security and simplicity that passkeys provide. The revolution is underway, and the pressure on the laggards is intensifying.