Since passkeys were introduced in 2022, thousands of websites have adopted them. They’re becoming the de facto phishing-resistant authentication method on the web. However, focusing solely on security overshadows their most immediate benefits: Speed and ease of use.
This evolution in usability highlights the power of building on interoperable standards like WebAuthn and CTAP.
In this article, we’ll examine five passkey-related technologies currently driving adoption and maximizing the utility of the passwordless experience.
1: Automatic passkey upgrades
This feature eliminates the biggest hurdle in the transition to passwordless: The manual setup. By prompting users to create a passkey during a standard password login, the browser or platform makes the upgrade nearly invisible, accelerating adoption.
This seamless transition relies on a "handshake" between the password manager and the website.
While Dashlane already supports automatic upgrades on iOS, we’re currently bringing this functionality to our web extension and Android app.
2: Related origins request
Passkeys are traditionally locked to a single domain, which can create friction for organizations with multiple domains.
Related Origin Requests (ROR) solves this by allowing a passkey created on one origin (like example.com) to be used across others (like example.fr). Because the website owner maintains an explicit, authorized allowlist, these credentials remain cryptographically bound and immune to phishing.
Dashlane fully supports this feature.
3: Signals API
The WebAuthn Signals API acts as a communication channel between a website and a password manager. By allowing websites to "signal" updates to the client, this API automates passkey management in two ways:
- Metadata updates: If a user updates their username or display name on the site, the API synchronizes those changes across to the password manager.
- Credential cleanup: When a passkey is revoked or deleted on the server, the website can signal the manager to remove or hide that specific credential from the selection UI.
By ensuring the password manager stays up-to-date with the website, the Signals API eliminates "stale" credentials and the need for manual cleanup.
Dashlane currently supports this feature on our iOS app, with Android and web extension support arriving soon.
4: WebAuthn PRF Extension
The PRF (Pseudo-Random Function) extension expands a passkey’s role from simple authentication to data protection.
It allows an authenticator to deterministically derive unique, symmetric encryption keys that are cryptographically bound to the passkey but never shared with the server. This enables "zero-knowledge" use cases, such as encrypting local vault data or securing cloud backups, using only the passkey itself.
At Dashlane, we’re planning to introduce PRF support in the near future.
5: Credential Exchange
For a long time, the biggest criticism of passkeys was the inability to move credentials between different providers.
The FIDO Alliance has addressed this by publishing the first standard for the interoperable and secure transfer of passkeys. This protocol also allows users to export and import many other data types stored in their password manager.
At Dashlane, we’ve been vocal advocates for this level of openness; we already support credential exchange on both our Android and iOS apps. Our users have the freedom to choose where they manage their credentials.
Passkeys are based on standards; passwords are not. Passwords are a patchwork of self-imposed, site-specific rules, making them prone to user error and breaches.
By contrast, passkeys are built on globally recognized, interoperable standards. This foundation is driving wider adoption and also continuous improvement.
At Dashlane we’re always looking to adopt the latest additions to the standards passkeys are based on.
Sign up to receive news and updates about Dashlane
