u/Normal_Tackle_3526

hardware-bound passkeys are better on paper, but consumers still won’t use them

I keep seeing people say hardware-bound passkeys are the “most secure” answer for consumer auth, and technically that’s true, but no one’s really using them.

the number that surprised me: hardware-bound passkey activation in consumer banking is under 5%. meanwhile synced passkeys are already everywhere.

Main reason seems simple:

  • Apple and Google control the default prompt
  • synced passkeys get shown first
  • FIDO2 security keys or smart cards are usually buried a few clicks deeper

doesn't matter how secure something is if the OS flow keeps hiding it.

wrote a breakdown of this at the Corbado blog: https://www.corbado.com/blog/hardware-bound-passkeys-consumer-race

anyone here think device-bound passkeys can actually break out in consumer apps without Apple/Google changing the default UX?

u/Normal_Tackle_3526 — 10 days ago

Lots of data piling up on how many customers in banking, healthcare and insurance never make it past sign-up or login:

* roughly 1 in 3 banked US households never used online banking in 2023 (FDIC)

* 80%+ of login failures happen client-side before the backend ever sees them

* field workers, older users and privacy-averse customers all fail for different reasons

passkeys help a lot with login friction for users who actually make it to the screen. but if someone never completed sign-up or doesn't have an email address, even the smoothest passkey flow won't save them.

wrote a breakdown of this at the Corbado blog: https://www.corbado.com/blog/digital-identity-gap

anyone else thinking about this gap between "passkeys reduce friction" and "some users just don't exist digitally yet"?

u/Normal_Tackle_3526 — 24 days ago