Register now for your free virtual pass to the Low-Code/No-Code Summit this November 9. Hear from executives from Service Now, Credit Karma, Stitch Fix, Appian, and more. Learn more.
Passwords are passé. Ever since the FIDO Alliance and the World Wide Web Consortium created the concept of a common passwordless sign-in standard, vendors like Microsoft, Google and Apple have all committed to developing new passwordless authentication solutions to decrease reliance on login credentials.
Today, PayPal announced it is adding passkeys, a new passwordless authentication solution designed to replace passwords with cryptographic key pairs, which will enable users to login to their online accounts with Apple Face ID and Touch ID.
Passkeys are resistant to phishing and social engineering attempts, as a hacker can’t steal a user’s login credentials to breach their online account. This new login option will first be available to iPhone, iPad and Mac users on PayPal.com, and will expand support as other platforms add support for passkeys.
More broadly, PayPal’s move away from password-based security reaffirms that login credentials have become a security liability, meaning that enterprises can’t afford to rely on passwords alone to protect critical services or resources.
Join today’s leading executives at the Low-Code/No-Code Summit virtually on November 9. Register for your free pass today.
Why passwords are out, and passwordless authentication is in
The announcement comes just a week after Google introduced passkeys for Chrome and Android, amid a wave of technology vendors implementing passwordless authentication solutions to protect users from credential theft.
At its core, the passwordless movement is an attempt to respond to the overwhelming prevalence of phishing and social engineering attacks, which attackers have used for years to harvest login credentials and break into users’ online accounts.
In fact, according to ForgeRock, hackers managed to leak over 2 billion passwords in 2021 alone, all of which can be harvested and reused by other cybercriminals.
With such a high volume of credentials available on the open and dark webs, decreasing reliance on passwords is becoming more important to protect users from threat actors.
“Launching passkeys for PayPal is foundational to our commitment to offering our customers safe, secure and easy ways to access and manage their daily financial lives,” said Doug Bland, GVP and GM, Head of Consumer at PayPal.
“We are excited to provide our customers a more seamless checkout experience that eliminates the risks of weak and reused credentials and removes the frustration of remembering a password. We are making it easier for customers to shop online,” Bland said.
With passkeys, existing customers will be able to login to PayPal on a desktop or mobile browser with their existing username and passwords, and then select the “create a passkey,” option.
This option enables the user to integrate Apple Face ID or Touch ID to automatically create a passkey, which they can use to login the next time without a password.