I want to highlight a long-form piece in Dark Reading. Passkeys are gaining support among consumers and small businesses. However, their usability and simplicity do not meet large corporations’ control and attestation requirements. Passkeys will likely evolve into an optional factor in the current public key infrastructure (PKI) or credential-based system. While passkeys could eliminate phishing attacks and improve authentication, businesses are hesitant to adopt them due to device attestation and authentication concerns. For companies, passkeys hold the promise of a standardized PKI but require guarantees for key movement, recovery, device compatibility, and centralized management. If passkey providers and identity-and-access-management companies address these enterprise-use problems, passkeys could become more widely adopted in business settings.
Why do we care?
One of the reasons I like SMB so much is the delightful mix of consumer and professional technologies you find in these businesses. Technology is both approachable with consumer tech but regimented with enterprise technology. It’s also why I’m talking passkeys as much as I am — as highlighted here. SMBs are often more open to adopting newer, more straightforward technologies like passkeys if they meet the business requirements.
Take that hesitation – enterprises were hesitant to adopt due to concerns about device attestation. Consider your SMB (and maybe even lower mid-market) customers. Which is more worrisome – device attestation or Janice in accounting being phished? It’s that analysis that customers pay you for, and with the SMB market being such a security mess…. Well, passkeys, folks.

