Amazon, the leading e-commerce platform in many countries, has introduced support for passkeys, a robust alternative to traditional passwords. This innovative login solution enhances security by enabling users to access their accounts through biometrics or a personal PIN, the same credentials used to unlock their devices. While Amazon quietly initiated the rollout of this feature a few days ago, the official announcement has only recently been made. Passkey functionality is currently accessible on web browsers and is gradually being extended to all Amazon users accessing the platform via its iOS app. Amazon’s Android application is also set to receive passkey support in the near future.
Passkeys offer heightened security as they are impervious to phishing attempts, data breaches, or social engineering tactics. This is due to the absence of conventional passwords. Instead, the system relies on cryptographic pairs, with one public key securely stored on the service’s servers, and the other privately safeguarded on the user’s device. Each service has its unique pair, and for successful login, these pairs must match. Notably, passkeys are notably less cumbersome than two-factor authentication, although Amazon does not automatically disable two-factor authentication for users who enable passkey support.
According to Amazon’s FAQs, even users with two-factor authentication enabled will still need to verify their identities with a one-time code after activating the new passkey login option. Whether users will continue to require two-factor codes for subsequent logins with passkeys is currently unclear. During our trial, we did not encounter a request for a two-factor code upon subsequent logins. To enable passkey login, users need to navigate to the “Login & Security” section within their Amazon account and select “Set up” next to the new Passkeys option.