Exploring the Future of Identity: How Passkeys Will Usher in a New Era of Frictionless Digital Business

Passkeys and Verifiable Credentials will eliminate passwords and entirely transform e-commerce and the digital experience for consumers.

This entry is part 1 of 4 in the series Enterprise Passkeys Adoption Practices

Speaking at WebSummit Rio, Matias Woloski and Damian Schenkelman of AuthO / Okta, explain how important Digital Identity innovations, Passkeys and Verifiable Credentials, will usher in the next generation of online applications.

These innovations provide one of the keystone foundations for Digital Transformation, meeting the need of streamlining and speeding customer experiences.

Using e-commerce and other digital business systems can often prove a cumbersome and frustrating process, with identity registration and authentication workflows requiring multiple, repetitive steps that can lead to abandonment of purchases and forever lost customers.

Matias and Damian explain and demonstrate how these frustrations can be tackled through state of the art identity technologies, and how to build customer engagement steps that are minimalist, fast and ultimately pleasurable for customers.

Frictionless Digital Business

To set the scene Damian walks through a hypothetical demo, a use case of purchasing airline tickets, to highlight how the future of Identity will transform digital business processes.

Primarily this demonstrates the use of Passkeys, and how it can streamline the account creation / e-commerce workflows. Critically he explains this is not part of the application functionality but instead exists on the Android phone, as part of the Google Password Manager app, where the user provides a fingerprint authentication.

He then shows how the airline achieves a ‘KYC’ (Know Your Customer) requirement through the phone sharing Verified Credentials, that have been issued by an official government authority. Damian envisages a future of a single digital wallet that stores all of a user’s Passkeys and Verified Credentials.


From 3m:05s Matias moves on to exploring the technology evolution that is making this scenario possible.

He describes the history of passwords and how they have provided an Internet building block but fundamentally aren’t scalable for the modern era. In 2016 a first standard was developed to address this: WebAuthN. However this proved effective only for enterprise environments where a physical key mechanism was required and available, such as a USB key, and wasn’t really suitable for consumers.

So a new iteration was developed by the FIDO Alliance call ‘Passkeys‘, which has been adopted by major vendors such as Google, Apple and Microsoft.

The key feature of this approach, as Damian demonstrated, was that your phone becomes the physical holder of the key. It is stored in online services like iCloud or Google Drive, so that it can be synchronized across all of your devices, such as laptop or iPad.

Passkeys offer a new paradigm for identity security, where they are:

  • Phishing resistant.
  • Not breachable.
  • Segregated per website.
  • Privacy-preserving.

Verified Credentials

At 6m:35s Matias then explains the second key technology innovation: Verifiable Credentials.

VCs are cryptographically verifiable user attributes (JSON) that signed with a private key. For example a university can provide an assured record of employment, which they generate and issue and the user then stores in their digital wallet. When it is supplied to an online process, such as the ticketing example, it can be verified.

Again this technology provides foundations for a new level of Internet trust:

  • Interoperable.
  • Privacy-preserving.
  • Secure.


From 8m:50s they switch back to Damian who explores the challenges this new paradigm faces going forward.

Fundamentally the core of this is that this is a new innovation, meaning it will take time and effort to work out the wrinkles and encourage large-scale adoption.

Currently Passkeys are ecosystem-specific: Your iPhone passkeys will synch across iCloud services meaning they will be available to relevant devices but not your Microsoft or Google Chrome laptop for example. It’s likely there will be developments that address this and make them universally accessible. The standards for Verifiable Credentials are currently very fast moving and not yet stable.

Similarly as a new technology user apprehension will be another adoption friction, as they are initially intimidated by and reluctant to use new, alien methods. Likewise it is also a new world for developers, who will have to create and modify their digital business systems to integrate into these new ecosystems.

In conclusion the principle of eliminating passwords is an utterly simple one, but the impact it will have across enterprise and e-commerce systems will be profound, ushering in a new era of digital experiences for users as significant as the advent of the Internet itself.

Series NavigationPasskeys with Federated Authentication Deliver Completely Frictionless Access >>

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button