The end of passwords? Amazon becomes the latest to adopt biometric alternatives

Amazon is hopping on the passkey bandwagon.

The retailer became the third tech giant this year to roll out or increase support for passkeys on browsers and mobile apps, which could hasten the demise of traditional passwords. Effective immediately, Amazon customers are able to set up passkeys in their Amazon settings, which will let them use biometric data, such as a face scan or fingerprint, to access their account, or just the PIN they use to unlock their device.

The feature is available to customers who use browsers and is gradually being rolled out to iOS users of the Amazon app. Android support is coming soon, the company says.

“This is about giving customers ease-of-use and security simultaneously in their Amazon experience,” said Dave Treadwell, senior vice president of ecommerce at Amazon, in a blog post. “We are thrilled to be an early adopter of this new authentication method, helping to realize our vision for a more secure, passwordless internet.”

To be clear, passwords aren’t going away in the immediate future. They’re still the most dominant form of security for most users, and a full transition to passkeys will take a long time.

Still, most of the tech giants have now voiced support for passkeys, which should hasten their broad adoption. Apple made the jump in June, announcing passkey support would be built into the recently launched iOS 17. That support was extended to third-party apps and websites that utilize the “Sign in with Apple” feature as well.

And just two weeks ago, Google made passkeys the default option for accessing Google accounts, after initially launching passkey support on May 5 of last year. Microsoft, also, offers the technology (though it utilizes alternate phrasing, such as “Windows Hello” or “security key”).

Passkeys have been touted as a replacement for passwords. By using your fingerprint or a scan of your face (or your device’s PIN number), you’re able to automatically log into an app or website (once you approve the request). Basically, it’s using your device to prove that you’re really you.

They work by generating a pair of keys—one public, which is stored on the cloud; and one private, which is stored on the device. If a server is compromised, accounts are still protected, as the hacker won’t have both sets of keys.

Proponents of the technology say it’s a much more secure option, since too many people opt for simple passwords or utilize the same ones on multiple websites. And even fewer use two-factor authentication. Passkeys are more secure in that they require authentication for every user, every time they’re used. In other words, you don’t stay logged in—since logging in again takes virtually no time. And the encryption on them is different for each site, which makes it harder for hackers to use them as a backdoor into your account.

However, skeptics note that by doing away with passwords, large companies like Apple have a bigger opportunity to incorporate you into their ecosystems, giving them an even deeper knowledge of your digital habits. 

“The introduction of passkeys is an important step in making the Amazon experience easier and safer for our customers,” wrote Amazon. “We’ll continue to encourage customers to adopt passkeys and invite the industry to join us.”