Amazon quietly rolls out support for passkeys, with a catch


Amazon has quietly rolled out support for passkeys as it becomes the latest tech giant to join the passwordless future. But you still might have to hold onto your Amazon password for a little while longer.

The option to set up a passkey is now available on the e-commerce giant’s website, allowing users to log in using biometric authentication on their device, such as their fingerprint or face scan. Doing so makes it far more difficult for bad actors to remotely access users’ accounts, given that the attacker also needs physical access to the user’s device.

A screenshot showing passkey set up in Amazon's settings.

A screenshot showing the passkey set-up feature in Amazon’s settings. Image: TechCrunch (screenshot)

But Amazon’s implementation of passkeys isn’t without issues, as noted by Vincent Delitz, co-founder of German tech startup Corbado, who first documented the arrival of passkey support on Amazon.

Delitz noted that there is currently no support for passkeys in Amazon’s native apps, such as Amazon’s shopping app or Prime Video, which TechCrunch has also checked, meaning you still have to use a password to sign-in (for now). What’s more, if you’ve set up a passkey but previously set up two-factor authentication (2FA), Amazon will still prompt you to enter a one-time verification code when logging in, a move Delitz said was “redundant,” since passkeys remove the need for 2FA as they are stored on your device.

Amazon says on its website: “You will still need to verify a one-time code after signing in with the passkey,” but does not explain why.

It’s unclear if the requirement for 2FA codes is a temporary feature and whether Amazon plans to add passkey support to its mobile apps. It’s also not yet known if passkey support has been made available to all Amazon users, though TechCrunch has confirmed that the feature is available in the U.S., U.K., France, and Germany.

Amazon has not responded to TechCrunch’s questions.

The arrival of passkeys on Amazon lands as WhatsApp announced that it’s rolling out support for passkeys to all Android users, and just days after Google said it planned to make passkeys the default sign-in method for all Google Account holders. GitHub, Windows 11, TikTok and 1Password have all rolled out support for passkeys.





Source link