The End of Passwords

Pop quiz: How many times did you reset a password last year?

If you’re like most people, the answer is “too damn many.”

Here’s the thing. While you’ve been juggling dozens of increasingly ridiculous password requirements (Yes, Karen from IT, I will add a hieroglyph and the chemical formula for benzene), the tech world has been quietly building your escape route.

It’s called a passkey, and if our guide to how password managers work taught us anything, it’s that the days of typing passwords are numbered.

More than 15 billion online accounts can now use passkeys instead of passwords ^[1]. Google alone has 800 million users who’ve made the switch ^[1]. And they’re not coming back.

The most surprising part? This isn’t some distant future tech. You’ve probably already seen the option pop up when signing into PayPal, Amazon, or your PlayStation.

But what exactly are passkeys, why are they suddenly everywhere, and should you care?

Buckle up. We’re about to find out.

Why Passwords Are Finally Dying (For Real This Time)

Let’s be honest: We’ve heard “passwords are dead” predictions for years. Yet here we are, with some people still typing P@ssw0rd123! like it’s 2005.

So what’s different this time?

The breaking point came from two directions at once. On one side, hackers got scary good at cracking passwords. Microsoft’s systems blocked 7,000 password attacks per second in 2024 ^[2]. Yup, per second. The Verizon Data Breach Investigations Report found that 81% of breaches leveraged stolen, weak, or default passwords ^[3].

On the other side, we all got exhausted. Managing passwords became a full-time job nobody wanted. The average person has 100+ online accounts, and 85% of people admit to reusing passwords across multiple sites ^[4]. We know it’s dangerous. We do it anyway because the alternative is madness.

Password managers helped, but they’re still based on the same flawed concept: shared secrets that can be stolen, guessed, or phished.

Enter passkeys.

They’re not just another incremental improvement. They represent a fundamental shift in how authentication works. Instead of something you know (a password), passkeys use something you have (your device) plus something you are (your biometric).

The technical term is “phishing-resistant authentication,” which is bureaucrat-speak for “hackers can’t steal this even if they really, really want to.”

The momentum is real. Consumer awareness jumped from 39% in 2022 to 57% in 2024 [1]. Apple, Google, and Microsoft all support passkeys natively. And when those three actually agree on something, you know the tide has turned.

So what’s actually happening when you use a passkey?

How Passkeys Actually Work (Without the Jargon)