The Passkey Transition That Isn't Painful

The technology industry has been trying to kill the password for roughly a decade. The case against passwords is overwhelming: they're reused across sites, stolen in breaches, phished through deceptive websites, cracked by brute force, and forgotten by the people who set them. Despite clear technical consensus that passkeys offer dramatically superior security, the transition has been slow — largely because change in consumer authentication habits is notoriously difficult to achieve.

Reddit CEO Steve Huffman has identified a factor that may be changing that dynamic: Apple's Face ID and Touch ID. In remarks that have drawn attention from the security community, Huffman argued that biometric authentication on Apple devices has an underappreciated secondary benefit beyond its primary security function. By making passkey authentication feel effortless and familiar — you already unlock your phone this way dozens of times a day — Apple's biometric systems are effectively lowering the psychological barrier to passkey adoption in a way that security education has never managed to achieve.

How Passkeys Work

Passkeys are built on the WebAuthn standard, which uses public-key cryptography to authenticate users without transmitting a secret like a password to the website or service. The user's device holds a private key that never leaves it; the website holds the corresponding public key. To authenticate, the device signs a challenge issued by the website, and the website verifies that signature using the public key it has stored. An attacker who compromises the website's database gets only the public key, which is useless for authentication.

The security improvement over passwords is significant. Because credentials never leave the user's device, phishing attacks are fundamentally ineffective against passkeys. The private key is bound to the specific website for which it was created, so even if a user is tricked into visiting a spoofed site, the passkey authentication fails because the credential does not match.
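The challenge signing and site binding described above, as an added example that is not part of the original article or any vendor's code: a simplified Node.js model of a WebAuthn assertion and the checks a website runs on it. The domains, function names and the exact-hostname RP ID match are assumptions made for illustration.

```javascript
// Added example: simplified WebAuthn-style assertion; names and domains are constructed.
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();
// Registration: the key pair is scoped to one RP ID; the site stores only publicKey.
function createPasskey(rpId) {
  return { rpId, ...crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' }) };
}

// Browser + authenticator: the browser supplies the origin. Simplified: RP ID must equal the hostname.
function getAssertion(passkeys, origin, challenge) {
  const passkey = passkeys.find((p) => p.rpId === new URL(origin).hostname);
  if (!passkey) return null; // no credential scoped to this site: nothing is signed
  return signAssertion(passkey, origin, challenge);
}

function signAssertion(passkey, origin, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify(
    { type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  // authenticatorData = SHA-256(rpId) || flags (0x05: user present + verified) || signCount
  const authenticatorData = Buffer.concat([sha256(passkey.rpId), Buffer.from([0x05, 0, 0, 0, 1])]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: crypto.sign('sha256', signed, passkey.privateKey) };
}

// Relying party: checks challenge, origin and RP ID hash, then the signature.
function verifyAssertion(expected, storedPublicKey, a) {
  const clientData = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (clientData.type !== 'webauthn.get') return 'bad type';
  if (clientData.challenge !== expected.challenge.toString('base64url')) return 'challenge mismatch';
  if (clientData.origin !== expected.origin) return 'origin mismatch';
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(expected.rpId))) return 'rpId mismatch';
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, storedPublicKey, a.signature) ? 'ok' : 'bad signature';
}

function demo() {
  const passkey = createPasskey('example.test');
  const expected = { rpId: 'example.test', origin: 'https://example.test', challenge: crypto.randomBytes(32) };
  const genuine = getAssertion([passkey], expected.origin, expected.challenge);
  // Constructed case: an assertion whose client data names a different origin.
  const mismatched = signAssertion(passkey, 'https://examp1e.test', expected.challenge);
  return {
    genuine: verifyAssertion(expected, passkey.publicKey, genuine),
    spoofedSite: getAssertion([passkey], 'https://examp1e.test', expected.challenge),
    wrongOrigin: verifyAssertion(expected, passkey.publicKey, mismatched),
    replay: verifyAssertion({ ...expected, challenge: crypto.randomBytes(32) }, passkey.publicKey, genuine),
    otherKey: verifyAssertion(expected, createPasskey('example.test').publicKey, genuine),
  };
}
console.log(demo());
```

The look-alike domain gets no assertion at all because no credential is scoped to it, and the site independently rejects a mismatched origin, a reused challenge, or a signature made by a key other than the one it stored.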

The Behavioral Insight

Huffman's observation is that biometric authentication on Apple devices has done something security researchers could not: it made a complex cryptographic operation feel like nothing at all. Users who authenticate with Face ID or Touch ID are performing the same public-key cryptography that underlies passkeys, but they experience it as the same gesture they use to unlock their phone — a zero-friction interaction they have already internalized as part of their device use.

The implication is that the barrier to passkey adoption is not primarily technical or behavioral in the traditional sense. Users are not resistant because they don't understand security benefits. They're resistant because new authentication methods require learning new behaviors, and new behaviors involve friction. By connecting passkey authentication to biometric gestures users have already learned and habituated, Apple collapsed that friction to near zero for a significant portion of the smartphone-using population.

Broader Implications for Digital Security

Reddit has been among the more active platforms pushing passkey adoption to its user base, driven partly by Huffman's personal interest in the technology and partly by the platform's history with credential-based security incidents. The company's experience suggests that passkey adoption rates among users authenticating through Apple devices are meaningfully higher than among those using other methods — data supporting Huffman's theoretical account of why biometrics are accelerating the transition.

If Face ID and Touch ID are genuinely catalyzing passkey adoption, the implications extend beyond any single platform. Apple devices represent a substantial share of premium smartphone users in key markets, and those users tend to be early adopters who influence broader technology trends. A technology on a credible path toward replacing passwords — one of the most persistent security weaknesses in digital infrastructure — represents a meaningful shift in the security landscape, and it may be arriving faster than most security professionals expected thanks to Apple's invisible distribution mechanism.

This article is based on reporting by 9to5Mac.