Passkeys: The Secure Authentication Lacking in 1 in 4 Major Apps

A new tracking website reveals that one in four major apps and services still do not offer passkeys—a technology widely considered more secure than traditional passwords.

Notable holdouts include Instagram, Netflix, and Spotify, according to data compiled by security researcher Scott Helme at whynopasskeys.com.

What Are Passkeys?

Unlike passwords, passkeys are generated by and tied to a user's specific device and the website for which they are created. They rely on biometrics—such as Face ID or Touch ID—or a physical security key, and can be stored in a password manager for convenience.

Passkeys are significantly harder to steal or phish than passwords, as they require physical control of the user's device to authenticate. Major tech companies including Apple, Google, and Microsoft already offer passkey support.

Why the Holdout?

Helme launched the site specifically to motivate companies to implement passkey support, highlighting the security gap left by lagging adoption.

Meta, the parent company of Instagram, did not respond to requests for comment on why some of its products (Facebook, WhatsApp) support passkeys while Instagram does not. Users can enable passkeys on Instagram only if their account is linked to a Facebook account that already has passkeys enabled.

TechCrunch also contacted Netflix and Spotify regarding their lack of support; the article will be updated if responses are received.

Stay tuned for updates as major services continue to weigh the security benefits against implementation costs.