Passkeys are projected to become the predominant authentication method by 2027, driven by increasing vulnerabilities in traditional password systems and the rise of sophisticated AI-driven attacks, according to new analysis from Gartner. The trend follows significant momentum in passkey adoption, with major technology companies reporting login times up to three times faster than traditional passwords.
Research indicates that AI-powered tools will reduce the time required to compromise exposed accounts by 50 percent within the next three years. The acceleration of credential theft capabilities is compelling organizations to adopt more robust security measures, particularly passwordless and phishing-resistant authentication systems. The threat landscape has already seen evidence of this trend, with voice phishing attacks increasing by 442 percent in recent months due to AI-enhanced social engineering tactics.
“In the face of this evolving threat, security leaders should expedite the move toward passwordless, phishing-resistant multi-factor authentication (MFA),” said Akif Khan, Vice President Analyst at Gartner. Khan has previously highlighted the growing importance of digital identity solutions, having also predicted significant growth in digital identity wallet adoption by 2026.
The emergence of sophisticated deepfake technologies presents an additional challenge, with projections suggesting that 40 percent of social engineering attacks will use counterfeit reality techniques by 2028. These attacks, using synthetic audio and video, can potentially deceive even security-conscious employees. In response, companies like Beyond Identity have begun integrating specialized deepfake defense technology into their identity verification systems.
“Organizations will have to stay abreast of the market and adapt procedures and workflows in an attempt to better resist attacks leveraging counterfeit reality techniques,” said Manuel Acosta, Senior Director Analyst at Gartner.
Passkeys offer stronger security than traditional passwords and a better user experience, since users no longer need to remember complex credentials. The technology is based on public key cryptography and typically requires biometric verification or device-specific authentication. The FIDO Alliance has recently published detailed guidance for enterprise passkey implementation, helping organizations navigate the transition.
The transition to passkeys requires both technological implementation and organizational change management. Success depends on comprehensive user education and training programs, combined with clear communication about the benefits of passwordless authentication. Organizations are being advised to incentivize users to migrate from traditional passwords to multidevice passkeys where appropriate, with major platforms like Microsoft Authenticator planning native passkey support to facilitate this transition.
Sources: Security Brief, GRC, National CIO Review, CCN