Dor Shany
June 11, 2024

‘It’s a Headache’: Why the Choice to Build vs. Buy a Passkey Solution is Painfully Obvious

I’ve had countless discussions about the “passkey revolution” — and how businesses are adopting passkey technology and rolling it out on their consumer-facing websites and apps. However, for companies considering joining this revolution, one question often comes up: Should I build or should I buy?   

Obviously, I have a bias. I founded OwnID because I saw a need (and opportunity). During my time at Gigya (acquired by SAP in 2017), passwords were becoming a glaring security vulnerability. Meanwhile, we, as consumers, were becoming increasingly dependent on digital services and online accounts — and managing these credentials was becoming a major point of friction. 

I knew there was a better way. So, we built a tool that makes implementing passkeys — and leveraging biometric authentication tech — reasonably simple. More on that in a moment. Naturally, we believe licensing technology like ours is the best path for most brands to reboot their authentication experience — and in turn, significantly improve login and registration rates for the business.

The build-vs.-buy question can be answered simply. There’s one big reason why trying to DIY passkeys is a mistake for most companies. 

It’s a headache. No — actually, it’s three headaches:

  • It’s a headache for users who want to move away from passwords but aren’t being offered a low-friction alternative they truly want to adopt. 
  • It’s a headache for developers who have to account for the exponential variables related to authenticating users across multiple scenarios and edge cases, including consideration of every device, browser, app, and OS. 
  • And it’s a headache for business leaders when they find out that only a very small percentage of users have adopted passkeys despite all of the development effort. 

Let me explain. 

The user headache

Around here, we think a lot about user friction — especially as it applies to the e-commerce digital journey. At every step, with every new piece of information that users need to enter into a form to complete a purchase, people give up. Reports show that on average, about 70% of users abandon their shopping cart.

We, as online consumers, simply don’t have a lot of patience. 

Of course, the introduction of passkeys — and accompanying biometric technology — is supposed to improve user experience. It’s supposed to remove steps from the login process and obliterate friction to a variety of so-called “conversions” that digital leaders care about. 

However, poorly implemented passkeys may never deliver on those benefits because the barrier to adopting them is its own friction. Turning on some passkeys, even for one device, takes multiple steps. For example, it takes about five different steps to add a passkey to an existing Google account and enable FaceID or TouchID for just one device. 

Additionally, the next time someone tries to log in with a different device, they might be confused about why they have to enable that device as well. For example, if they replace a phone after setting up passkeys, they’ll probably need to dig up that old login info to log in.

It’s a headache all right — the type that leads people right back to the familiar (yet annoying) old way of doing things. Entering usernames and passwords.  

The developer headache

Given the time and resources, a good developer can build and solve almost anything. 

So, why would a product leader buy something that their in-house devs can build? 

Mainly, opportunity cost.

Building a new passkey solution is deceptively complex. In a recent conversation, one digital leader told us that a team of experienced developers at a prominent social media company had built a passkey proof-of-concept. The leader estimated it would take another 18 months to develop the complete solution.

To execute a complete solution, developers (and designers) have to account for: 

  • An exploding number of connected (hardware) devices — phones, tablets, wearables, etc. — people use to log into websites and services.
  • A variety of different software components and apps that need to coexist within an authentication stack. For example, commerce platforms like Salesforce, Adobe, and SAP Commerce don’t offer identity features or an easy way to implement passkeys. 
  • Existing authentication technology may be difficult to update without significant UX challenges. 

It’s even more of a headache when you think about the math of all those variables. Multiply them against all of the possible user flows that need to be designed, developed, and tested. Just consider these corner cases:

  • What happens if a user is on a shared device or a public computer?
  • What if the user never turned on the biometrics option of their device?
  • What if a user wants to create a new account using only passkeys?
  • What if a user doesn’t have a biometric input (e.g. a legacy Windows machine) or any input at all (e.g. a TV screen/kiosk)?
  • What if an existing user who already has a password wants to switch to passkeys?
  • What if a user wants to authenticate with multiple devices that require multiple passkeys? 
  • What if biometrics fails?

These are just a few examples. And if developing a custom passkey solution wasn’t difficult enough, maintaining it indefinitely extends the commitment — and the headache. Because undoubtedly, many new and updated things in the ecosystem will affect (and break) your home-grown passkey solution. Developers need to be prepared to respond.      

So, about that opportunity cost. Think about the developer magic you missed out on because of the time and effort spent trying to build and maintain a DIY passkey solution. Why waste their cycles reinventing the wheel?

The digital leader headache

Almost unanimously, the digital leaders we speak with understand the obvious benefits of passkeys — better security and improved user experience that drives better online performance for their brands. The only question is how to get there.

Unfortunately, those who choose the build-your-own solution often make a couple of bad assumptions. They underestimate the difficulty of building one. And they assume their users can and will simply turn on those passkeys. 

Reality sets in when development takes much longer than expected and users don’t jump through the hoops to turn them on. 

We recently talked with one Fortune 100 retailer that built their own solution over the course of several months — and a few months after rollout, only 3% of users had adopted it.  

That may be the worst kind of headache of all — committing all those resources and seeing almost no return on the investment. 

Why buy

Enough about headaches. Let me distill why many of our customers have chosen to license our technology rather than trying to build it on their own. 

To put it simply, we can help you deploy an end-to-end passkey solution in a few weeks rather than several months, and optimize it across various user journeys that drive business impact. Our customers typically experience 40-60% adoption of passkeys and biometric authentication by their users.

Additionally, you might choose to license technology like ours because: 

  1. We have one job. Because we specialize in passkey authentication, our developers understand every possible detail of what it takes to implement a winning solution. There’s no learning curve here.   
  2. User experience is our north star. We constantly conduct user interviews and data analysis across our ecosystem to detect and optimize UX.
  3. Every corner case is covered. Our tech covers the entire ecosystem of connected devices and software — because that’s all we do.
  4. User experience unlocked. Our passkey solution dramatically reduces friction for customers to opt in to biometric authentication on multiple devices.
  5. Always updated. Because the ecosystem is always changing, we are constantly updating and testing. We do the maintenance so you don’t have to. 

All of that said, I’m a developer myself. And I know that a lot of builders out there will still want to DIY passkeys. Because they want to build and understand things. 

However, before you start down that perilous DIY passkey path, just consider the headache.
And reach out to us for a demo. No strings attached (and no headaches).   

Dor Shany is the Co-Founder and CEO of OwnID, founded in 2021 to reinvent consumer authentication. Formerly part of the founding team at Gigya (acquired by SAP in 2017), Dor saw that passwords remain a glaring security vulnerability and a major user friction point, and believed there was a much better way for enterprise brands to authenticate users using biometrics, while also significantly improving the user experience at registration & login.