15 Billion Accounts and Counting: What Passkey-Ready Scale Means for Banks

TL;DR

Over 15 billion online accounts are now passkey-capable, according to the FIDO Alliance. That's not 15 billion people using passkeys. It's 15 billion accounts where the infrastructure exists for passwordless sign-in. The distinction matters, and the implications for banking are bigger than most institutions realize.

The Number

In late 2024, the FIDO Alliance reported that passkeys had been used to sign in to over 15 billion online accounts. Apple, Google, and Microsoft, the three companies whose platforms collectively reach virtually every consumer device, all support passkeys natively. When a customer picks up their iPhone, Android phone, or Windows laptop, the device is passkey-ready out of the box.

This is a fundamentally different environment from even two years ago, when passkey support was fragmented and most customers had never encountered the technology.

What This Means for Banks

The most common objection to passkey deployment in banking has been "our customers aren't ready." That objection relied on the assumption that customers would need new devices, new software, or new habits before passkeys could work at scale.

With platform-level support built into iOS, Android, and Windows, that assumption no longer holds. Your customers' devices almost certainly support passkeys already. The barrier isn't device readiness. It's whether your bank offers the option.

The Adoption Gap

There's a meaningful gap between passkey-capable and passkey-active. Most of those 15 billion accounts still use passwords day-to-day. Consumer awareness of passkeys remains low. Many services that could support passkeys haven't implemented them yet. And in financial services specifically, most institutions are still in planning or early pilot stages.

This gap is the opportunity. Banks that deploy passkeys now are meeting customers on devices that already support the technology, ahead of competitors who are still deliberating. Early movers in any authentication shift tend to see outsized benefits: lower fraud, reduced support costs, and customer loyalty from being the bank that made sign-in effortless.

Why the Consumer Tech Companies Did the Heavy Lifting

Banks didn't have to build the passkey ecosystem. Apple, Google, and Microsoft invested billions in platform-level support because passwords are broken for everyone, not just banking. That investment created the device infrastructure banks can now leverage without building it themselves.

This is unusual. Most security improvements in banking require the bank to build and maintain the entire stack. With passkeys, the hardest part (getting the technology onto every customer's device) was done by someone else. What remains for banks is implementation: enrollment flows, backend infrastructure, migration strategy, and customer education.

The Regulatory Tailwind

The platform readiness story is reinforced by regulatory direction. PSD3 in Europe, RBI's evolving authentication framework in India, BSP Circular 1213 in the Philippines, and directives from the UAE Central Bank and SAMA all push financial institutions toward stronger, phishing-resistant authentication. Passkeys are a natural compliance path for every one of these frameworks.

When the technology ecosystem and the regulatory environment point in the same direction simultaneously, that's not a coincidence. It's a signal.

What Comes Next

The 15 billion number will keep growing as more services adopt passkeys and more consumers experience passwordless sign-in outside of banking. Each consumer who uses a passkey to sign into their Google or Apple account becomes a customer who wonders why their bank still asks for a password.

The window for early-mover advantage is open but narrowing. The infrastructure is in place. The question is whether your institution will use it.

Sources

• FIDO Alliance, "Passkeys"
• Apple, "About passkeys"
• Google, "Sign in with a passkey"
• FIDO Alliance, "FIDO Authentication in Financial Services"
• European Commission, PSD3 Proposal