A new website is drawing attention to major online services that still do not offer passkeys as a direct login option, despite growing support for the technology across the industry.
Created by security researcher Scott Helme, Why No Passkeys? tracks popular websites and apps that continue to rely primarily on passwords. The list includes widely used services such as Instagram, Netflix, and Spotify.
One in Four Major Services Still Lacks Support
The website currently identifies six of the world’s 25 most popular services with user accounts as lacking direct passkey support. That represents 24% of the sites assessed.
Helme said he created the public list to encourage companies to adopt the technology and give users a more secure login choice. He argued in a blog post explaining passkeys that publishing the names of companies without support could motivate them to act.
Apple, Google, and Microsoft are among the major technology companies that already support passkeys. Facebook and WhatsApp also offer them, although availability can vary depending on the device and account setup.
Instagram presents a more complicated case. Some users may be able to use a passkey created through a connected Facebook account, but Instagram does not currently provide the same clear, independent passkey setup available on Facebook.
Passkeys Are Designed to Resist Phishing
Passkeys replace typed passwords with cryptographic credentials created for a specific website or app. One part of the credential remains on the user’s device, while the service stores a corresponding public key.
Users confirm their identity through the device’s normal security method, such as Face ID, Touch ID, a PIN, or a physical security key. Passkeys can also be stored and synchronised through compatible password managers.
Because a passkey is tied to the legitimate website for which it was created, it cannot normally be entered into a fake login page. This makes the system more resistant to phishing, credential stuffing, password reuse, and database leaks.
The FIDO Alliance developed the standards behind passkeys with support from major platform providers. Google describes them as a simpler and more secure alternative to passwords and allows users to create them for Google accounts.
Adoption Remains Uneven
Netflix’s current security guidance continues to focus on creating a unique password, while Spotify lists password-based and connected-account login methods without providing a standard passkey option.
The absence of support does not necessarily mean a company has rejected passkeys permanently. Implementing them can require changes to account recovery, device compatibility, customer support, and older authentication systems.
Helme’s project is intended to make those gaps more visible as passkeys become more common. The website also recognises companies that already offer the technology, giving users a way to compare account-security options across major services.
Featured image credits: rawpixel.com
For more stories like it, click the +Follow button at the top of this page to follow us.