Downloaded 15 times
More Related Content
Similar to Insights from Large-Scale B2C Passkey Deployments.pptx
Insights from Large-Scale B2C Passkey Deployments.pptx
- 1. Insights from large-scale B2Cpasskey deployments 10x passkey adoption. For B2C logins. No user data migration. www.corbado.com
- 2.
- 3. Millions of users Banking,insurance, healthcare, transport, government, utility, e- commerce Consumer authentication with MFA need (e.g. SMS OTP, authenticator apps) Large-scale B2C deployments
- 4. Improve security Phishing &account-takeover Reduce friction Consumers hate traditional MFA Save costs High SMS OTP volumes & MFA recoveries Why passkeys for large-scale B2C deployments?
- 5. 25% 50% 75% 100% months 4 8 Edgecases: Different WebAuthn support in OS & browsers User flows: Balance UX / security to keep friction low Legacy systems: Integrate existing IT infrastructure 12 Launch Passkey adoption IMPLEMENTATION CHALLENGES Typical passkey project
- 6. 25% 50% 75% 100% months 4 8 User flows: BalanceUX / security to keep friction low Legacy systems: Integrate existing IT infrastructure 12 Launch Passkey adoption Promised to management IMPLEMENTATION CHALLENGES Typical passkey project Edge cases: Different WebAuthn support in OS & browsers
- 7. 25% 50% 75% 100% months 4 8 User flows: BalanceUX / security to keep friction low Legacy systems: Integrate existing IT infrastructure 12 Launch Passkey adoption Promised to management IMPLEMENTATION CHALLENGES Typical passkey project Reality Why? Edge cases: Different WebAuthn support in OS & browsers
- 8. Passkey Adoption =Creation + Usage
- 9. Creation Passkey adoption Implementation isthe start, adoption is the goal Creation in account settings 10%
- 10. Passkey adoption Implementation isthe start, adoption is the goal Creation in login flow Conditional creation 20% Creation
- 11. Usage Passkey adoption Implementation isthe start, adoption is the goal 40% Conditional UI 1-Tap passkey login Creation Challenging
- 12. Identifier-first & automaticlogin 80-100% Usage Passkey adoption Creation Challenging Start passkey login automaticall y Intelligent decision Implementation is the start, adoption is the goal
- 13. Plan adoption like implementation,think about identifier-first True passkey adoption comes from usage, not only from creation Users love the simplicity of passkeys. Devices are ready. Push passkeys. Be bold. Key take-aways
- 14. Hear how VicRoadstackled the challenges of large-scale passkey deployments Vincent Delitz Managing Director Australia vincent.delitz@corbado.com www.corbado.com Find us at our booth and learn more about passkey adoption! (we also have cool stickers)
Editor's Notes
- #1 Hi, I’m Vincent from Corbado At Corbado, we help large B2C organizations deploy passkeys at scale. Our focus is to get 10 times higher passkey adoption without migrating a single user.
- #2 Passkey Implementation does not guarantee passkey adoption for large-scale B2C deployments So in layman’s terms: You implement passkeys but users don’t use them So let’s break it down what this German guy on stage actually means by that
- #3 First, what are large-scale B2C deployments? Usually these application have millions of existing users Mostly, they are in industries where consumers need to regularly log in, such as banking, insurance, healthcare or government and alike And most of these organizations have or plan to have MFA in place, so they offer SMS OTPs or authenticator apps
- #4 So why do passkeys make sense here? First of all, passkeys are MFA by default & phishing-resistant, thus they help to fix a lot of security issues like phishing, fraud or account-takeovers Moreover, they also reduce the friction from traditional MFA (I mean, who actually enjoys entering time-based codes?) And on top of that, passkeys eliminate huge operational costs like SMS OTP fees or customer support cases related to MFA recoveries or in banking where fraud causts can be reduced In banking reducing fraud trumpts most of all other costs
- #5 That’s why organizations decide to add passkeys. Let’s see how a typical passkey project looks like. In the first phase, the implementation phase, there are a couple of implementation challenges quite common. You need to figure out how passkeys fit in the user flows to balance convenience & security You see how to integrate passkeys with your existing stack And lastly, you need to deal with all the different devices, operating systems and browser behaviors + WebAuthn features. This is already complex from a technical point of view but can be done with the right know-how and resources, still it takes time
- #6 So after 12 months of implementation, everything is ready and you’re about to launch As you have implemented everything, you promise your management a quick & high adoption of passkeys, because you have implemented everything right
- #7 You wait for big bang effect of passkey but adoption keeps lagging behind and only grows slowly And the adoption looks more like this And not adoption means, no savings, no fraud protection, no security The project fails And the reason for that is, that simply implementing passkeys does not guarantee the adoption by users And no adoption means, no savings, no fraud protection, no security The Project fails.
- #8 So let’s see how we can fix this First, we need to understand that passkey adoption means two things: passkey creation (so you need to get users to create a passkey) and usage (so that the created passkeys are actively used by users to login) Here it’s important that the usage is often neglected as it’s more challenging There are four areas to improve adoption , but it’s the last one that gets most attention but has the biggest impacts and its the last one that gets least attention that is the most important (spanungs bogen)
- #9 Let’s start with the creation The simplest way? Offer users to create a passkey in the account settings This will get you some adoption – but not enough
- #10 The next thing is to create a passkey in the conventional login flow. This is the pattern which is more common. On some newer devices and browsers, conditional creation to automatically create passkeys might also work but this is still in its infancy This will get you some more adoption, but it’s still not enough and complicated to built in MFA context (back of the head not sure if needs to be said) nur Hinterkopf
- #11 Now we come to the usage levers You can use Conditional UI (passkey autofill) to automatically suggest the user to use an available passkey or you build something like 1-tap passkey button that also remembers that passkeys are available and directly start the passkey login upon user click. Big benefit is that users don’t even need to remember their username That’s a big lever for your passkey adoption.
- #12 Now comes the most important part, because this is what big consumer brands like Google, Amazon or Kayak do to get the adoption up The key is going identifier-first. This means you ask the user for their email address for instance and based on that you check in your stored user, device, passkey and meta data if passkey login makes sense and if yes, automatically kick it off and avoid that the user falls back to old methods The reason behind is that consumers do not read instructions, change habits slowly and will continue to use prefilled email/password fields ignoring conditional UI; they also won’t click on separate passkey buttons Identifier-first removes the need for them to choose – they just log in. This is the single most effective way to drive real-world passkey adoption So if you have a large consumer user base, these 4 strategies will all help to get your adoption up, so that your passkey implementation gets the desired results Not clear somehting missing and avoid that the user falls back to old methods, if a passkey fits let him use it
- #13 Let’s wrap this up Plan adoption like implementation. Go identifier-first if you want high adoption. Users love the simplicity. In 2025, Devices in are ready, so be bold and push There’s never been a better time to start collecting passkeys
- #14 But don’t just take my word for it. Let’s hear from VicRoads – one of the first public agencies to roll out passkeys to millions of users and learn how they approached their passkey deployment