Security

Rolling out passkeys: lessons from the first year

Alebrije Admin June 24, 2025 · 1 min read

We have rolled out passkeys across many customer environments over the past year. The technology is genuinely better than passwords plus TOTP. The user experience, however, varies enormously by platform.

What works well

Apple device users have a smooth experience. Sign in with Apple, the passkey lives in iCloud Keychain, it just works. Google ecosystem users have a similarly smooth experience inside Chrome and Android.

What works less well

Cross-platform households. The user with an iPhone, a Windows laptop, and a personal Android device finds that their passkeys do not seamlessly cross device boundaries.

What we recommend

  1. Start with the user populations that have the smoothest experience. Apple-heavy executives, Google-heavy field staff.
  2. Pair passkeys with hardware security keys for the people who really need cross-platform reliability.
  3. Keep TOTP as a fallback, at least through the first year.
  4. Document the recovery flow. Lost-device recovery for passkeys is its own conversation.
Tagged Cybersecurity MFA Field Notes Best Practices
— Keep reading

Related posts.

Security
April 28, 2026 · 1 min read

Why every small business needs a security baseline (and what that actually means)

The phrase "we are too small to be a target" is the most expensive sentence in IT. Here is what a real baseline looks like, in plain language, with the steps you can take this week.

Editorial Team
Security
April 7, 2026 · 1 min read

Phishing that actually works in 2026: what your team should know

The phishing techniques that actually work right now and the five-second checks anyone in your organization can do to spot them.

Alebrije Admin
Security
March 3, 2026 · 1 min read

Microsoft 365 hardening: the seven settings most tenants get wrong

Default Microsoft 365 settings are not a security baseline. Seven specific changes that take an afternoon and meaningfully reduce risk.

Alebrije Admin