Wednesday, Jul 15, 2026
Newstrackertoday
  • News
  • About us
  • Team
  • Contact
Reading: Troy Hunt Built a Site to Shame Password Users in 2017. He Just Did the Same Thing Again
Share
NewstrackertodayNewstrackertoday
Font ResizerAa
  • News
Search
Follow US
© 2022 Foxiz News Network. Ruby Design Company. All Rights Reserved.
News

Troy Hunt Built a Site to Shame Password Users in 2017. He Just Did the Same Thing Again

Anderson Liam
SHARE

Cybersecurity researchers Scott Helme and Troy Hunt launched whynopasskeys.com on Tuesday, a public registry that tracks and ranks the world’s most popular websites based on their adoption of passkey authentication, and the launch immediately produced a finding that is harder to dismiss than a general concern about password security: six of the top 25 global internet destinations – approximately 24% – do not offer passkey support. Those six include Instagram, Netflix, Spotify, Samsung, and Roblox – not startups with limited engineering budgets but some of the most visited platforms on earth, collectively serving hundreds of millions of accounts. Apple, Google, and Microsoft appear on the positive side of the list. The registry’s arrival and its methodology are the details that distinguish this from a press release, and the specific institutional context is what the story requires to understand properly.

Passkeys are phishing-resistant authentication credentials generated by a user’s device and tied cryptographically to both the device and the specific website they were created for. They rely on biometrics such as Face ID, Touch ID, or a physical security key and can be stored in a password manager. The security advantage over passwords is structural rather than incremental: a passkey cannot be stolen in a server breach because the private key never leaves the user’s device, and it cannot be phished because it is cryptographically bound to the website that issued it. More than 15 billion online accounts can currently use passkeys. The technology is ready, the infrastructure is in place, and major platforms – Apple, Google, Microsoft, Amazon – have deployed it at scale. One in four major apps has not. The gap between technological readiness and deployment is what whynopasskeys.com has just made publicly visible, and it is what NewsTrackerToday anchors as the precise problem the registry addresses.

Ethan Cole reads the incentive structure directly: “Companies don’t implement passkeys because their users aren’t demanding them yet and because the migration from existing password infrastructure is not a zero-cost engineering project. The reputational cost of a breach is lower than the engineering cost of migration, until it isn’t. The whynopasskeys.com approach is to raise the reputational cost of non-adoption before the breach happens, which is exactly how whynohttps.com changed industry behavior in 2017 and 2018.” The whynohttps parallel is the one Helme’s own writing emphasizes explicitly, and it is what the site’s launch documents as a deliberate strategic replication.

Isabella Moretti reads the business model dimension: “Instagram is a specific and instructive case. Meta offers passkeys for Facebook and WhatsApp. Instagram users can only use a passkey if their account is linked to a Facebook account that already has one enabled. That is not a technical limitation. It is a product decision that ties Instagram’s authentication to Facebook’s account graph. The whynopasskeys.com listing for Instagram describes MFA-only support rather than full passwordless support, which captures the distinction between using a passkey as a second factor on top of a password versus replacing the password entirely. Those are very different security postures, and the registry distinguishes them.” That distinction between passwordless passkey support and MFA-only passkey use is what NewsTrackerToday pulls as the whynohttps parallel carries most weight: the 2017 site did not distinguish between HTTPS on some pages versus sitewide enforcement.

The site’s data comes from passkeys.directory, a community-maintained archive that tracks authentication support across major platforms. Because checking for passkey implementation requires interacting with a live login portal rather than scanning for a certificate, the methodology relies on community submission rather than automated crawling. That means the database updates in near-real-time when platforms change their implementations, and it means companies that add passkey support can submit a correction and get off the list promptly. The fastest path off the list is adoption, which is the site’s stated goal. Helme explicitly said: “If you run one of these sites: you already know what to do.” The direct address to corporate security teams is what NewsTrackerToday sets against the broader passkey adoption trajectory: 87% of U.S. and U.K. companies using passkeys internally, but a different question entirely when it comes to customer-facing consumer authentication.

The shift this launch registers is institutional rather than technical. The technology has been ready since the FIDO Alliance and major platforms agreed on the passkey standard. What has been missing is the same social pressure mechanism that converted HTTPS from a premium security feature to a baseline expectation: a public, searchable, regularly updated registry of who has not done the obvious thing. When browsers started marking non-HTTPS sites as “not secure,” adoption spiked. Whynopasskeys.com creates the social version of that signal before any browser or regulator creates the technical version. The reputational pressure that the site now applies to Netflix, Spotify, Instagram, and Roblox is what News Tracker Today closes on as the mechanism: the site is not new technology; it is old social engineering applied to a new authentication standard.

Share This Article
Email Copy Link Print
Previous Article In Ten Days Google Lost Its Transformer Co-Inventor, a Nobel Laureate, and Two Gemini Engineers
Next Article GM Just Added $675 Million to Its Brazil Plan. The Word ‘Hybrid’ Explains the Whole Thing

Opinion

The U.S. Just Quietly Cleared More Chinese Firms to Buy Nvidia’s H200. ZTE Is One of Them.

A unit of telecoms equipment maker ZTE and two other…

14.07.2026

China’s Exports Just Beat Every Forecast. AI Chips Are Doing the Heavy Lifting

China's exports climbed 27% in June…

14.07.2026

Waze Just Got an AI Voice. It’s Aimed Squarely at Apple Maps.

Waze rolled out a batch of…

14.07.2026

Microsoft’s CEO Just Told Companies They’re Paying AI Labs Twice

Microsoft CEO Satya Nadella published a…

14.07.2026

Uber’s Product Chief Just Explained Why the App Isn’t Trying to Do Everything

Uber has spent the past year…

14.07.2026

You Might Also Like

News

Paramount’s Painful Reboot: How Mass Layoffs Signal a Digital Rebirth in Hollywood

The merger of Paramount and Skydance marked one of the most significant shakeups in the entertainment industry this year –…

3 Min Read
News

Money Couldn’t Save It: High-Flying AI Startup Collapses in Under a Year

The rapid rise and equally rapid shutdown of Yupp highlights a defining reality of today’s AI startup market: strong funding…

5 Min Read
News

Adobe Shares Slide: CEO Exit Fuels AI Disruption Fears

Adobe shares fell sharply after the company announced that longtime chief executive Shantanu Narayen would step down, adding new uncertainty…

5 Min Read
News

From Grok to TikTok: How AI Deepfakes Pushed Lawmakers to the Breaking Point

The rapid spread of sexually explicit deepfakes created without consent has moved beyond isolated abuse cases and into a broader…

4 Min Read
Newstrackertoday
Yzfalu.com reviewsYzfalu.com отзывы
  • News
  • About us
  • Team
  • Contact
Reading: Troy Hunt Built a Site to Shame Password Users in 2017. He Just Did the Same Thing Again
Share

© newstrackertoday.com

Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?