Password security has long seemed like a losing battle, but tech pros generally agree that passkeys are the closest thing we have to a real shield against modern hackers. These unique digital credentials rely on device-specific biometrics—like your face or fingerprint—making them incredibly difficult to steal or phish. Yet, despite the obvious safety benefits, some of the most visited websites on Earth still haven’t bothered to offer passkey support.
To address this, cybersecurity researchers Scott Helme and Troy Hunt have teamed up to build a public accountability portal called whynopasskeys.com. The premise of the project is simple: scan the internet’s most heavily trafficked destinations, evaluate their authentication security, and place the laggards on a public leaderboard for the entire world to see. As Helme explained in a launch announcement, a simple public list is a surprisingly effective motivator because no corporate security team wants their employer sitting in the red column.
The data behind the push
The launch-day metrics reveal a pretty massive gap in consumer security. The database shows that 6 of the top 25 global destinations on the internet—roughly 24%—completely lack native passkey integration. This isn’t a list of small local shops struggling to find engineering resources. You’ll notice the index names household giants with hundreds of millions of active accounts, including Netflix, Spotify, Samsung, Roblox, and Instagram.

Passkey support across big tech is also frustratingly inconsistent. While parent company Meta enables the system for Facebook and WhatsApp, Instagram users can only use it if their account is directly linked to an active Facebook login. True passkey support allows a user to skip traditional text forms entirely, but many platforms either ignore the technology or limit it to a secondary, optional step inside their multi-factor authentication menus.
Crowdsourcing a safer internet
Unlike scanning for basic encrypted connections, checking for a passkey setup requires interacting with a live, manual login portal. Because of this limitation, the backend architecture relies on data supplied by passkeys.directory, a widely trusted, community-maintained archive. If a specific platform upgrades its security setup behind the scenes, users can quickly submit the correction to update the scoreboard in real time.
The ultimate goal isn’t just about public embarrassment. Back in 2017, the same design duo launched a similar project targeting websites that failed to use secure HTTPS browsing. That tracker helped shift encrypted browsing from a premium perk into an absolute baseline requirement. Now, their latest project aims to turn passwordless authentication from an exotic novelty into the standard user expectation across the web.
The post These Major Platforms Still Lack Passkey Login Support: The ‘Name and Shame’ List appeared first on Android Headlines.