Amazon has enabled support for passkey-based login, with the feature going live on the web for all customers. The tech giant and retailer also says it is “gradually” rolling out passkey support on the iOS Amazon Shopping app, with Android support “coming soon”.
The feature offers upgraded security to users who are accustomed to password-based authentication. Passkeys essentially store a set of cryptographic codes on a user’s smartphone that can only be unlocked with a biometric scan or a PIN. As Amazon explains in its announcement of passkey support, they offer “an easy and more secure way to sign in” to an online account.
Before Amazon’s announcement, passkeys were already having a big month, thanks in large part to Google. A couple of weeks ago, the company announced that it would start making passkeys the default login option for personal Google Accounts, a move that could push millions of people to start using post-password login security.
Now, passkeys have the support of one of the world’s biggest online retailers. It can be seen as the latest indication of Amazon’s enthusiasm for biometric technology, and its faith in the security of biometrics. Setting aside Amazon’s facial recognition tool for law enforcement, the company has lately been promoting the use of a biometric payments system that lets in-store shoppers make purchases with a wave of the hand after linking their payment details to a palmprint.
While many cybersecurity experts will welcome Amazon’s support for passkeys as a step forward for digital security, given the relative weakness of passwords, others have voiced serious doubts about the passkey security. Anonybit CEO Frances Zelazny, for example, has pointed out that the passkey system involves the storage of backup credentials on servers controlled by Google, Apple, and Microsoft; and if those servers were breached, hackers could theoretically use other people’s passkeys on their own devices.
For its part, Amazon is enthusiastic. “While passwords will still be around in the foreseeable future, this is an exciting step in the right direction,” said the company’s SVP of e-Commerce, Dave Treadwell. “We are thrilled to be an early adopter of this new authentication method, helping to realize our vision for a more secure, passwordless internet.”
October 24, 2023 – by Alex Perala