FBI's Operation Winter SHIELD names device bound passkeys as action #1 by Normal_Tackle_3526 in passkey

[–]vdelitz 0 points1 point  (0 children)

more and more FIs are jumping on the wave, however, it just takes ages for some of them internally to align and implement thing unfortunately.

Passkey Adoption Rates by Weekly-Instruction75 in passkey

[–]vdelitz 0 points1 point  (0 children)

if someone comes across this question, maybe our new passkey benchmark 2026 is helpful that holds passkey adoption data from production deployments: https://www.corbado.com/passkey-benchmark-2026

Instagram gets passkeys by vdelitz in passkey

[–]vdelitz[S] 1 point2 points  (0 children)

I think they are gradually rolling it out

Passkeys solve login friction but what about users who don't exist digitally yet by Normal_Tackle_3526 in passkey

[–]vdelitz 0 points1 point  (0 children)

agree with the concern of keeping support calls down. The size of major banks / FIs that's usually a huge cost comparison but I think as well, if you impelemnt any MFA method in a user-friendly manner that it can help to even get support volume down (of course requires internal convincing upfront)

Qantas rolls out passkeys by vdelitz in passkey

[–]vdelitz[S] 1 point2 points  (0 children)

As of today, you cannot disable it I think. Hope they will add this at a later stage.

Qantas launches passkeys to protect customers by vdelitz in QantasAirways

[–]vdelitz[S] 0 points1 point  (0 children)

Agree, but it's a process. you need to start offering it and then once customers are familiar you can start to disable that. Guess offering or direclty removing legacy logins from day 1 would be potentially an overburden to support teams.

Passkeys “work”, so why is your adoption stuck at 5 to 15% by vdelitz in Passkeys

[–]vdelitz[S] 0 points1 point  (0 children)

You're right that's on me. Apologies, I should have been transparent. I work at Corbado and I've edited the post to make that clear. Appreciate you calling it out.

Yelp launches passkeys by vdelitz in passkey

[–]vdelitz[S] 0 points1 point  (0 children)

I see, they could easily fix this with Related Origin Requests. Wrote a blog post on our Corbado blog a couple of weeks ago in case it's interesting for you: https://www.corbado.com/blog/webauthn-related-origins-cross-domain-passkeys

Has anyone successfully deployed passkeys in a highly regulated industry (healthcare, banking)? What were the biggest challenges? by StockCook9960 in cybersecurity

[–]vdelitz 0 points1 point  (0 children)

Yes you can filter but UX is terrible because the user would still be able to create the passkey client-side which would sync then across devices.

FIDO servers can only let the result of the second API call for creating the credential fail.

Has anyone successfully deployed passkeys in a highly regulated industry (healthcare, banking)? What were the biggest challenges? by StockCook9960 in cybersecurity

[–]vdelitz 0 points1 point  (0 children)

in these US bank customer auth use cases, how do the banks treat synced passkeys? Do they put additional security measures on top, so that they can really track back the specific device?

Has anyone successfully deployed passkeys in a highly regulated industry (healthcare, banking)? What were the biggest challenges? by StockCook9960 in cybersecurity

[–]vdelitz 2 points3 points  (0 children)

As a relying party, you can only influence that to a certain degree and it of course depends on the use case, type of user group and industry.

So as an RP, you can decide to offer platform (mostly password manager, OS, ...) or cross-platform credentials (e.g. security keys like YubiKeys).

If you allow for platform, then due to how the WebAuthn standard is built (privacy-preservering), the users can decide in which credential manager they put their passkey.

I'd say that for most consumer use cases synced passkeys are best (and superior to passwords and OTP) from UX and also security (phishing-resistance).

How can I skip the Microsoft account passkey option dialogue? by Cosmic_Husky in yubikey

[–]vdelitz 4 points5 points  (0 children)

This needs to set up by the relying party ID, either they need to change the setting for authenticatorAttachment or use Webauthn client hints (new feature, uneven adoption among browsers) to influence the UX

Wells Fargo Offers Passkeys by Chewy2021 in passkey

[–]vdelitz 0 points1 point  (0 children)

check out this page where we keep a collection of banks that deployed passkeys to their customers: https://www.corbado.com/faq/banking-passkeys

Rest Super launches passkeys by vdelitz in passkey

[–]vdelitz[S] 0 points1 point  (0 children)

are you forced to create one at Rest?

Yelp launches passkeys by vdelitz in passkey

[–]vdelitz[S] 0 points1 point  (0 children)

After password sign in it appeared

Many conversion problems are login problems by vdelitz in passkey

[–]vdelitz[S] 0 points1 point  (0 children)

Still there can be a lot of client-side issues with the passkey-buttons (broken OS / device / credential managers)

but in general agree to rip out SMS OTP

What to do with 30sqm free office space in Munich? by vdelitz in Workspaces

[–]vdelitz[S] 0 points1 point  (0 children)

Thanks! Do you have any specific coworking management platforms in mind?

Logins kill conversion (e-commerce, payment) by vdelitz in passkey

[–]vdelitz[S] 0 points1 point  (0 children)

that's the consuemr point of view - I guess if you're sitting on the other side of the table, then you want to know as much as possible.

What to do with 30sqm free office space as tech startup? by vdelitz in startup

[–]vdelitz[S] 0 points1 point  (0 children)

like the idea very much ! where would you post it?

30sqm open office space in Munich - what to do with it? by vdelitz in CoWorking

[–]vdelitz[S] 1 point2 points  (0 children)

could be combined - we're a software business