BankThink

Banks need to adopt passkeys as a safer alternative to passwords

Passkey technology offers a superior method of authenticating customer identification, both in terms of convenience and security, writes Andrew Shikiar, of the FIDO Alliance.

The password is dying. If not in theory, certainly in practice. After years of technical development and cross-platform alignment, passkeys have reached a state of real-world maturity. The user experience is seamless. The infrastructure is robust. Compliance is no longer a barrier. And, most importantly, passkeys are working at scale for both consumers and the companies serving them.


Since 2022, passkey adoption has seen momentum build across industries. Today, 48% of the world's top 100 websites support passkeys, including global leaders like Amazon, Apple, Google and eBay. Across financial services and payments, early adopters like PayPal, Shopify and Coinbase have already enabled passkeys, while password managers and platforms from Apple, Google and Microsoft are making credential storage and sync effortless.

All of this paves the way for perhaps the most consequential shift yet: wide-scale adoption of passkeys by American banks. Several financial institutions, including Wells Fargo and PenFed Credit Union, are leading the charge, having moved decisively to enable passkeys for secure, user-friendly authentication.

So far, most major American banks have moved cautiously, despite increasing fraud costs and growing user friction tied to passwords and one-time passcodes, or OTPs. Their hesitation is understandable because simultaneously balancing user convenience with strong authentication, supporting a diverse range of user devices, and operationalizing credential management at scale have historically been unenviable tasks. But solutions to these challenges are now proven, and synced passkeys can also be implemented in ways that align with the stringent privacy and regulatory requirements of the financial sector.

The costs of waiting are mounting.

In 2023 alone, U.S. banks lost an estimated $10 billion to digital fraud, with the majority of that loss tied to credential theft via phishing, social engineering and brute-force attacks. Account takeovers, often fueled by weak or reused passwords, remain a leading fraud vector. The financial toll is only part of the equation: Reputational damage, regulatory scrutiny and lost customer trust all compound the consequences of inaction.

Passkeys also present a legitimate business case that extends well beyond the direct financial impact of fraud. Recent findings from PayPal have helped put some important context around the potential impact of passkeys on fraud reduction. According to internal reporting, PayPal saw a nearly one-to-one correlation between increased passkey logins and reduced fraud-related costs. Each basis point increase in passkey adoption directly translates to lower losses. Add to that reduced call center loads from fewer password resets and fewer OTP frustrations, and the ROI becomes hard to ignore.

The benefits for financial institutions are clear. Passkeys are phishing-resistant and are recognized as a superior option to legacy multifactor authentication. Passkeys eliminate the credential theft vector that fuels most phishing and account takeover attacks.

Passkeys also reduce costs, not only by reducing fraud, but by cutting the need for support calls and infrastructure tied to outdated password systems.

Finally, they offer a competitive advantage. A fast, frictionless, and phishing-resistant experience builds trust and loyalty in an industry where both are hard won.

2025 stands as a watershed moment for financial institutions. The lessons have been learned. The ecosystem has matured. And the customer demand for simpler, safer logins is only going in one direction. U.S. banks now must meet the imperative to deliver simpler, safer digital experiences for their customers, which passkeys can uniquely enable. Doing so will also help banks minimize — and eventually eliminate — the costs and liabilities associated with passwords.

Sometimes, there are good and valid reasons to stick with the status quo, especially when there is no better alternative. This is simply not the case in the banking sector for user authentication. With a shift in mindset and a commitment to deploying passkeys at scale, banks can transform user sign-in from being a necessary security expense to becoming a customer engagement asset and a source of cost savings.
