Which websites support passkeys and which don't, according to whynopasskeys.com?

According to whynopasskeys.com, 7 of the top 25 sites globally still have no passkey support, including Instagram, Netflix, Spotify, Samsung, Roblox, and Baidu.

Why is the lack of passkey support a significant security risk for users?

The lack of passkey support is a significant security risk because passkeys are phishing-resistant by design, meaning they can't be phished, leaked in a breach, or replayed.

What is the goal of whynopasskeys.com?

The goal of whynopasskeys.com is to push companies to enable passkeys and give users the chance to adopt them, making this gap in security visible and encouraging companies to prioritize security.

Security Researcher Launches Website to Highlight Lack of Passkey Support by Major Companies

Q: Who created whynopasskeys.com?

Whynopasskeys.com was created by Scott Helme, a longtime security researcher.

Scott Helme's new website, whynopasskeys.com, reveals that 7 out of the top 25 global sites don't support passkeys, including Instagram, Netflix, and Samsung. The site aims to encourage companies to adopt this phishing-resistant authentication method.

A new website has been launched to name and shame companies that still don't offer passkeys to their users, highlighting a significant gap in online security.

What Happened

The website, whynopasskeys.com, was created by Scott Helme, a longtime security researcher, who built the site as a sequel to his previous project, whynohhttps.com. The new site takes the world's most popular websites and tells users which ones support passkeys and which don't.

According to the website, 7 of the top 25 sites globally still have no passkey support, which is 28% of the most-visited destinations on the internet. These include major companies like Instagram, Netflix, Spotify, Samsung, Roblox, and Baidu, all of which have hundreds of millions or even billions of accounts protected by nothing more than a password and possibly MFA.

Background and Context

Passkeys are a type of authentication that is generated by the user's device and tied to that phone or computer and the website they are created for. They can rely on biometrics such as Face ID, Touch ID, or a physical security key; and can be stored automatically in someone's password manager.

The technology works and it's widely supported, but adoption is still lagging behind. According to Helme, "we aren't waiting on engineering, we're waiting on adoption." The site aims to make this gap visible and encourage companies to enable passkeys and give users the chance to adopt them.

Why It Matters

The lack of passkey support is a significant security risk for users. Passkeys are phishing-resistant by design, meaning they can't be phished, leaked in a breach, or replayed, whether they replace a password or back one up. This makes them a more secure option compared to traditional passwords.

For adult-industry platforms and operators, this is particularly relevant due to the sensitive nature of their content and the need for robust security measures to protect user data. The use of passkeys can help reduce the risk of phishing attacks, which are often used to compromise user accounts and access sensitive information.

What Comes Next

The website whynopasskeys.com aims to push companies to enable passkeys and give users the chance to adopt them. By making this gap visible, the site hopes to encourage companies to prioritize security and provide a more secure experience for their users.

In related news, another website, passkeys.io, has been launched to showcase leading brand websites and apps that support passkeys. The site highlights the benefits of passkey adoption, including enhanced security, faster logins, and reduced support needs.

Key Facts

The website whynopasskeys.com names and shames companies that still don't offer passkeys to their users.
7 of the top 25 sites globally still have no passkey support, which is 28% of the most-visited destinations on the internet.
The lack of passkey support is a significant security risk for users, as it makes them vulnerable to phishing attacks and data breaches.
Passkeys are widely supported and work securely, but adoption is still lagging behind.
The website whynopasskeys.com aims to push companies to enable passkeys and give users the chance to adopt them.

In conclusion, the launch of whynopasskeys.com highlights a significant gap in online security, with many major companies still not offering passkey support. The site aims to encourage companies to prioritize security and provide a more secure experience for their users.