Bernhardt Ramat, Dave Kartchner, and Kent Seamons, Brigham Young University
This study examines the current state of the passkey user experience across various websites, aiming to determine how well these passkey deployments align with the design guidelines recommended by the FIDO Alliance. We gathered information from 111 different websites between January and May 2025, examining what it is like for users to find, set up, use, and remove passkeys. We found that the passkey user experience varies significantly across the websites in our dataset. However, through our analysis, we observed similar passkey design patterns implemented amongst clusters of websites. We also observed several problematic, consistent design patterns implemented across several websites that create usability and security challenges for users. Our results offer usability and security recommendations for passkey implementers and advocate for the improvement of some design patterns in the FIDO Alliance Design Guidelines.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
