Passkey Usage Report @ Money Forward ID (vol.6, Oct 2024)

Japanese version of this article is available here.

Intro

Hi everyone, I’m @Mapdu from the Money Forward ID Service Development team.

It’s been a few months since we published the Passkey Usage Report vol.5 and mentioned the Passkey Upgrade announced at WWDC 2024. At that time, the technical details hadn’t been fully disclosed.

However, we’re excited to announce that Money Forward ID now supports passkey auto upgrade during user sign-in. Since this feature was released at the end of September, we still need more time to evaluate and improve it, but we’ve already seen some positive results. I’ll be sharing more details soon.

Automatic Passkey Creation & Upgrades

At WWDC 2024, Apple introduced a new password manager app as part of the iOS 18, iPadOS 18, and macOS Sequoia operating systems. This is important for passkey auto upgrade.

Passkey auto upgrade feature that aims to streamline the transition from traditional passwords to passkeys, which are more secure and phishing-resistant. This feature is designed to work behind the scenes, automatically upgrading password-based logins to passkeys when available, without interrupting the user experience.

The process is handled by the system, meaning the user doesn’t need to manually initiate the upgrade or interact with additional dialogues.

Passkey upgrades generally occur automatically after a password is autofilled by the new Passwords app. Since autofill triggers a Face ID or Touch ID scan in the same process, the creation of a credential is permitted.

In other cases (e.g., manually entering a password) will not work because there is no prior authentication that can be considered consent for passkey creation.

Refer: https://developer.apple.com/videos/play/wwdc2024/10125/

In September, we start supporting passkey auto upgrade at Money Forward ID. When users log into Money Forward ID using passwords and don’t have a passkey, they will see a loading page for passkey upgrades as below.

During this brief loading period, the system checks if the user meets the criteria for an passkey auto upgrade. If so, a passkey will be created behind the scenes without any additional input from the user.

At the beginning, the target users were limited to 1%, but at the end of September, we expanded it to 100%.

Data shows that at least 20% of authentication actions are done by password managers, and 74% of users are on iPhone, iPad, or macOS devices. This means that approximately 20% x 74% = 15% of all password users are potential candidates for passkey auto upgrade (assuming they are using the latest OS versions).

Let’s also look at the number of new passkey registrations in context as follows.

Figures shows that approximately 57.5% of new passkey registrations each day are through passkey auto upgrade.

This feature will be supported by default, so while users may not be aware of this, but as mention in previous post Money Forward ID fully supports automatic passkey autofill, allowing them to use passkeys naturally, as long as their password manager supports it.

As more devices adopt iOS 18, iPadOS 18, and macOS Sequoia, the number of passkey auto upgrade will only grow. This trend is further supported by the fact that Apple isn’t the only player in the space. As other password managers, such as 1Password begin to integrate passkey auto upgrade functionality into their services, the potential for passkey adoption will grow.

Bug in ASWebAuthenticationSession.

As many of you are aware, and as we mentioned in our previous report, a bug has rendered the passkey autofill feature inoperable within ASWebAuthenticationSession since the release of iOS 17.4.

Although iOS 17.5 introduced the ability to manually access the password manager to select passkeys, the expected autofill functionality has yet to be restored.

Despite the release of iOS 18 now, the bug remains unresolved. We have submitted a support request to Apple regarding this issue, but it seems it will take more time to address. So, let’s await future releases.

Passkey Promotion Progress

As mentioned in the previous post, we stopped promoting passkey during user sign-in and start promoting it after account registration completion.

With the end of the promotion at sign-in, which accounted for the majority of traffic to the promotion page, the new passkey registrations have significantly dropped to approximately 35,000 in the past three months. However, in the long term, we believe that eliminating promotions with little impact will be advantageous.

We have been promoting passkeys after account registration completion over the past few months, and here are the metrics for September.

Based on calculations it shows that the passkey registration success rate is only 30% (similar to the results when promoting passkeys during sign-in), the refusal rate is about 34.3%, compared to around 50% during sign-in.

The number of users who are unable to register for passkeys despite clicking accept button shows no signs of improvement, indicating that there are still many challenges in terms of UI/UX and passkey availability across platforms.

Passkey Registration Status @ 2024 Oct.

As of early October 2024, there are about 1,185,000 passkeys registered in Money Forward ID.

In the last report, we had 1,150,000 units, with only around 35,000 new registrations in the past three months. This is because we stopped promoting the passkey during user sign-in.

The breakdown by OS is as follows. There is no big movement here.

OSPercentage of total (last time → this time)
iOS61% -> 61%
Android20% -> 19%
macOS8% -> 9%
Windows10% -> 10%

Passkey Usage @ 2024 Oct.

Let’s also look at the percentage of all registered passkeys that are actually used for authentication for each OS.

OSPercentage actually used for authentication (last time → this time)
iOS41% -> 50%
Android41% -> 58%
macOS47% -> 56%
Windows27% -> 37%

Passkey usage rates increased significantly after passkey promotion was stopped at sign-in.

As time passes, these numbers will continue to grow as new passkey registrants have the opportunity to use them once the old session expires.

As before, passkeys continue to surpass Google Sign-in (by double) and hold second place behind passwords.

Conclusion

This is the passkey usage status report for Money Forward ID as of October 2024.

We will continue to provide updated data and insights on passkey auto upgrade in the next vol.

See you again in Vol 7.

Published-date