The 2025 Dashlane Passkey Power 20

Despite years of warnings from security experts, passwords remain the Achilles' heel of digital security. According to Dashlane data, the average person now manages 301 passwords across their personal and work accounts. Yet, credential abuse remains the most common initial attack vector.¹ For CISOs and IT leaders, the problem is clear: The authentication method designed to protect users has become their greatest liability.

Passkeys represent a fundamental reimagining of authentication, one that eliminates password vulnerabilities while dramatically improving user experience. Built on FIDO Alliance standards and leveraging public-key cryptography, passkeys are phishing-resistant by design, impervious to credential stuffing attacks, and require no memorization on the part of users.

In our inaugural 2024 Passkey Report, we documented early momentum behind this passwordless revolution.² Now, one year later, the data tells a compelling story: Passkey adoption isn't just growing, it's accelerating.

“The transition from passwords to passkeys is a once-in-a-generation change and the most consequential security advancement for everyday users in decades," said John Bennett, CEO of Dashlane.

The 2025 Dashlane Passkey Power 20 is based on an analysis of Dashlane data encompassing millions of aggregated and anonymized web and mobile passkey authentications globally from the past year. As the first credential manager to support passkeys across all major platforms, Dashlane occupies a unique vantage point; our data reflects mainstream authentication behavior across consumer and enterprise environments.

This year's report examines not only who's adopting passkeys, but also how quickly they're scaling, which implementation approaches are resonating with users, and what the trajectory reveals about the future of authentication. For security leaders evaluating their own passwordless strategies, these insights offer a roadmap informed by millions of real authentication events.

The password era is ending, not through mandate, but through momentum. Dashlane data reveals the scale of this shift: Passkey authentications have more than doubled year over year to 1.3 million per month. Meanwhile, user adoption has exploded, with 40% of Dashlane users now storing at least one passkey—double the rate from just a year ago. Let's examine what's driving it.

The brands driving passkey adoption tell a story about where passwordless authentication is gaining real traction. Our analysis reveals which organizations are successfully moving users to passkeys, and the results show a clear pattern: The companies people interact with most frequently are leading the charge.

The Power 20 domains are ranked by share of total authentications over the past year, with Google excluded as a platform provider. These rankings reflect both the size of each domain's user base and the frequency with which their apps require authentication. Sticky, high-frequency services naturally generate more passkey activity.

Led by Amazon's commanding 39.9% share, e-commerce platforms represent approximately 45% of all passkey authentications. Amazon, eBay, Lowe's, Home Depot, and Target collectively demonstrate how retail giants are embracing passwordless authentication to reduce checkout friction.

The impact is particularly notable at Amazon, which made passkeys the default sign-in option on mobile for customers who have configured them in 2024.³ In addition to their market dominance, this bold move signals confidence in the technology's maturity and user acceptance.

“Business leaders are quickly recognizing that passkeys have the potential to generate billions in revenue and cost savings by removing the user friction inherent in passwords and nearly eliminating the risk of account compromise for their customers,” said Andrew Shikiar, CEO and Executive Director of the FIDO Alliance.

Two platforms demonstrate how quickly passkey adoption can scale when implementation is done right. HubSpot and Okta have rapidly climbed into our top 20 despite launching passkey support only recently.

HubSpot announced passkey support in December 2024 and has seen remarkable results.⁴ According to Hubspot CISO Alyssa Robinson: "At HubSpot, we've seen first-hand the impact passkeys have when they're able to not just increase security, but simultaneously reduce user friction. Adoption has grown rapidly since our launch late in 2024, resulting in a significant reduction in password reliance.”

She goes on to say, “We have also seen a 25% improvement in login success rates over passwords, as well as a 4x faster time to login compared to passwords and 2FA. We're happy to see HubSpot climbing the leaderboard in Dashlane's passkey adoption report and are excited to continue on the journey of a safer passwordless world."

Okta launched general availability of passkeys in its Okta Customer Identity Cloud in February 2024, and the identity platform's appearance at #11 reflects strong enterprise adoption.⁵

When digital assets worth billions are at stake, security isn't optional; it's existential. Cryptocurrency platforms Coinbase (#4), Binance (#6), and Kraken (#12) all rank in our top 20, reflecting how high-value targets are prioritizing phishing-resistant authentication.

The urgency is even more pronounced on our fastest-growing list (see below), where Gemini made headlines in May 2025 by requiring all users to set up a passkey to access their accounts, one of the first major platforms to mandate passwordless authentication.

Beyond consumer adoption, business-facing applications are driving significant passkey activity. Cisco Duo (#8) and HubSpot (#10) demonstrate that enterprise security, IT, and sales platforms recognize the productivity gains and security benefits of eliminating password friction for business users.

Their presence in the top 20 signals that passkey adoption is becoming a competitive differentiator in the B2B software market.

While our Power 20 ranking reveals which services are driving passkey adoption, two tech giants occupy a separate tier entirely, though for very different reasons. Google and Apple's approaches to passkeys highlight divergent philosophies about user choice, platform control, and the path to passwordless authentication.

And while not one of the top 20 from a total authentication perspective, Microsoft has entered the mix as one of the fastest growing by authentication volume. 

Google commands half of all passkey authentication activity measured in our dataset, a scale so dominant that including it in our top 20 would distort the competitive landscape for other services. We've separated Google from our rankings for two key reasons: Its sheer volume dwarfs that of other platforms, and it functions as an SSO (single sign-on) provider that users authenticate through to access numerous other domains, making direct comparisons misleading.

The numbers tell a remarkable story of acceleration. Google passkey authentications exploded by 352% over the past year, driven by a pivotal product decision: In October 2023, Google made passkeys the default login option for personal Google Accounts.⁶ This move effectively exposed hundreds of millions of users to passwordless authentication, creating the largest real-world deployment of passkeys to date.

“The web is in the midst of a monumental shift that will make the digital lives of billions of users easier and more secure with passkeys,” said Christiaan Brand, Principal Product Manager: Identity and Security at Google.

Google's approach demonstrates the power of defaults. By making passkeys the path of least resistance rather than an opt-in security feature, Google transformed passkey adoption from a trickle into a flood.

For organizations evaluating their own passwordless strategies, Google's success offers a clear lesson: Adoption accelerates dramatically when passkeys become the default experience rather than an alternative.

Passkeys used to unlock Apple’s websites cannot be exported. They remain within Apple’s closed ecosystem.

However, with iOS 26, released in September 2025, Apple introduced support for secure credential portability, allowing users to seamlessly move third-party passkeys and other credentials between the Apple Passwords app and third-party providers such as Dashlane via Credential Exchange.

This shift toward interoperability marks a significant evolution in Apple's stance and addresses a key pain point for both consumers and IT admins who prefer platform-agnostic credential management.

The contrast between Google's open, default-first approach and Apple's historically controlled, ecosystem-centric model, now evolving toward greater interoperability, illustrates that there's no single path to passwordless adoption. Both strategies are driving passkey usage forward, but with different implications for user choice, enterprise flexibility, and the broader credential management ecosystem.

While not a member of the top 20 most popular passkey domains, you’ll see that Microsoft does appear at #5 in the fastest-growing passkey domains chart below. Continue reading to learn more about their decision to make passwordless authentication the default path.

While our Power 20 reveals which platforms command the largest share of passkey activity, growth tells a different story—one of momentum, strategic bets, and emerging adoption patterns. The fastest-growing domains reveal where passkey implementation is accelerating most rapidly and which sectors are aggressively adopting passwordless authentication.

For this analysis, Dashlane examined three-month growth in authentication from Q2 2025, identifying the domains where passkey usage surged most dramatically. The results reveal a striking shift: Passkeys are no longer just for early adopters. They're becoming mandatory for high-stakes platforms, a default for major tech players, and increasingly adopted by government services worldwide.

Last year's report focused on "sticky" consumer apps like e-commerce and finance leading the charge. While those sectors remain prominent, this year's data shows a broader and more diverse landscape.

Organizations are now actively encouraging, and in some cases mandating, the use of passkeys. Gaming giants are embracing them for seamless access, high-stakes finance platforms are requiring them for security, and even government agencies are implementing them for public services.

Roblox's 856% growth in passkey authentications represents the most dramatic surge in our dataset, and it's no accident. The gaming platform has gone all in on passkeys, recognizing that its users have something genuinely valuable to protect: Purchased items, created worlds, and significant time investments within their accounts.

At Dashlane, we protect secrets, and we understand that for Roblox's predominantly younger user base, their accounts represent real value that demands real security. This demographic is also uniquely positioned to adopt passkeys rapidly; they're mobile-native, already accustomed to unlocking devices with biometrics or PINs, and less attached to password-based workflows. Passkeys align perfectly with how they already interact with technology.

Sony's 21% growth further demonstrates that the gaming community, which values both speed and security, is becoming a major driver of passkey adoption. When friction means losing players and breaches mean losing trust, passwordless authentication becomes a competitive advantage.

In fintech and cryptocurrency, legacy two-factor authentication is no longer secure enough. When platforms protect financial assets, security isn't negotiable. That's why finance platforms are not just offering passkeys, but increasingly requiring them.

Gemini's 269% growth explosion stems directly from a bold decision: In May 2025, the crypto exchange made passkeys mandatory as a second authentication factor for all users. This move signals broader industry recognition that phishing-resistant authentication is essential when billions of dollars in digital assets are at stake.

Mercury (80% growth) and PayPal (56% growth) demonstrate continued momentum in fintech, cementing passkeys as the preferred login method for secure financial transactions. For platforms handling money, passkey adoption is both a security imperative and a trust signal to users.

A select group of European and Australian government agencies grace our fastest-growing list, signaling that passkeys are expanding beyond commercial applications into public services. Germany's Bundesagentur für Arbeit (Federal Employment Agency) saw 181% growth, while the UK's National Health Service grew 56%, and Australia's VicRoads grew 25%. 

In particular, the German government recently announced that it wants to make passkeys its primary authentication method. They’ve created draft guidelines that are currently under review.⁷

Government adoption is particularly significant. These are conservative institutions with rigorous security requirements and diverse user bases. Their embrace of passkeys demonstrates that the technology has matured beyond early-adopter status and is ready for mission-critical, public-facing applications serving millions of citizens.

Companies serving businesses, including Ramp (172%), Sophos (57%), HubSpot (34%), and Ubiquiti (37%), are driving significant growth in passkeys, signaling enterprise trust in passwordless authentication to protect sensitive data while improving the user experience.

For B2B platforms, passkey adoption addresses dual concerns: Protecting enormous volumes of business-critical data while reducing the IT burden of password resets, account lockouts, and credential-related support tickets. When enterprise software providers implement passkeys, they're making a statement about both security posture and operational efficiency.

In May 2025, Microsoft made passkeys the default sign-in method for all new Microsoft accounts,⁸ a decision that drove 120% growth in passkey authentications. When one of the world's largest technology companies makes passwordless authentication the default path, it sends a powerful signal to both consumers and enterprises about the technology's readiness for mainstream adoption.

Microsoft's move mirrors Google's 2023 decision and reinforces a critical lesson: Making passkeys the default option on major platforms creates more adoption momentum than any amount of education or encouragement could achieve on its own.

When we published our inaugural Passkey Report in 2024, we documented the stirrings of a passwordless revolution. One year later, the data reveals something more significant: Momentum has become a mandate.

The numbers tell an unambiguous story. Google's 352% growth in passkey authentications. Roblox's 856% surge. Major platforms like Amazon and Microsoft making passkeys the default option, not an alternative—and Gemini requiring them outright. Clearly, these aren't experiments; they're strategic commitments from organizations that recognize the password era is coming to an end.

The diversity of adoption is equally telling. E-commerce giants are protecting transactions. Cryptocurrency platforms are securing billions in digital assets. Gaming companies are serving mobile-native users. Government agencies are delivering public services. Enterprise software companies are protecting business-critical data.

For CISOs and IT leaders, the strategic implications are clear. The organizations driving passkey adoption aren't waiting for perfect interoperability or complete ecosystem maturity. They're recognizing that the security and user experience benefits outweigh any remaining friction. With credential abuse still the most common attack vector, and the average person managing 301 credentials, the cost of inaction is measured in millions per breach and countless hours of lost productivity.

The technical foundation is solidifying. Apple's introduction of credential portability in iOS 26 eliminates a major barrier to cross-platform adoption. The FIDO Alliance's Credential Exchange standards create pathways for users to move passkeys freely between providers. Major platforms are making passwordless authentication the default path, not an opt-in feature buried in settings.

Yet, we're still in the early chapters of this transformation. The "long tail" of adoption will take years as thousands of services, legacy systems, and smaller platforms gradually implement support. But make no mistake: The direction is set, the momentum is undeniable, and the leaders are already emerging.

The question is no longer whether passkeys will replace passwords, but how quickly organizations will move to capture the security, user experience, and operational benefits of passwordless authentication. The data from millions of authentications across thousands of services provides a clear answer: The future isn't coming, it's already here for those ready to embrace it.

At Dashlane, we'll continue tracking this evolution, providing the insights that help organizations navigate the transition to a passwordless world. The 2025 Passkey Power 20 represents a snapshot of an industry in transformation, and we look forward to reporting on the continued acceleration.

The Dashlane Passkey Power 20 is based on an analysis of Dashlane data encompassing millions of anonymized and aggregated web and mobile passkey authentications (e.g. Dashlane can see what percentage of all users have credentials for a specific site, but not whether any individual user has credentials for that site) from the past year.

A passkey authentication consists of the use of a passkey to log into a site or service and access an account. With the novelty of passkeys, implementations and authentication policies can differ across sites (certain sites may have stricter re-authentication timelines than others, for example). Therefore, authentications do not necessarily reflect usage of the site or service.

Passkeys are implemented using the Web Authentication API (also known as WebAuthn), which allows servers to register and authenticate users using public-key cryptography instead of a password. Dashlane is unable to distinguish between WebAuthn-based 2FA and passkeys as a primary factor due to the nature of the WebAuthn API.

To ensure user privacy and anonymity, Dashlane only collects hashed domains within anonymous events. These events are stripped of precise timestamps and personal identifiers (like User ID or Device ID), making it impossible to link browsing activity back to an individual. Dashlane also limits the number of other data points collected to prevent re-identification through combined attributes, known as quasi-identifiers.

This technical foundation supports our zero-knowledge architecture and our steadfast commitment to user privacy, which you can read more about in our Privacy Policy.

1: Verizon, “2025 Data Breach Investigation Report,” 2025.

2: Dashlane, “Dashlane Unveils the Top 20 Fastest-Growing Passkey Apps,” 2024.

3: Amazon, “Amazon is making it easier and safer for you to access your account with passwordless sign-in,” 2024.

4: HubSpot, “The Future of Login at HubSpot,” 2024.

5: Okta, “Passkeys are Generally Available,” 2024.

6: Google, “Passwordless by default: Make the switch to passkeys,” 2023.

7: Techradarpro, “Germany’s government wants to replace passwords with passkeys,” 2025.

8: Microsoft, “Pushing passkeys forward: Microsoft’s latest updates for simpler, safer sign-ins,” 2025.