Meta, the parent company of Facebook, has announced a major shift in how users can log into their accounts. As of June 18, 2025, the company will allow its users to replace traditional passwords with passkeys, offering a more secure, passwordless method for logging into their accounts on websites and mobile applications.
Passkeys are a form of cryptographic authentication that eliminates the need for passwords entirely. Instead of relying on something you know, like a password, passkeys authenticate users via a device’s biometric data (like fingerprints or facial recognition) or PIN numbers. This not only offers greater convenience but is also seen as a more secure option compared to passwords, which are often vulnerable to hacking.
The feature will be rolled out to both iOS and Android device users, meaning it will work across a wide range of smartphones and tablets. Meta has also confirmed that this passkey feature will be available on its popular Messenger app, which was once known as Facebook Messenger. Through Messenger, users will now be able to log in using biometric authentication or a PIN, streamlining the login process while enhancing security.
Meta’s move to integrate passkeys comes in part due to its membership in the FIDO Alliance. The FIDO (Fast Identity Online) Alliance is an open-source consortium focused on reducing reliance on passwords for digital security. The organization’s goal is to make authentication safer, more accessible, and less dependent on traditional passwords, which are becoming increasingly vulnerable to various cyber threats. As part of this initiative, Meta began implementing passkeys for its users alongside other companies that are also members of the FIDO Alliance.
The decision to move away from passwords is grounded in growing concerns over their security. In fact, the FIDO Alliance highlighted a major issue in May 2025, revealing that over 36% of people reported that at least one of their online accounts had been compromised due to weak or stolen passwords. These incidents are often the result of simple, easy-to-guess passwords, many of which are frequently reused across different platforms.
To illustrate, weak passwords typically fall under common pitfalls like being less than 10 characters long, using easily guessed information such as a date of birth, a pet’s name, or the name of a favorite sports team, or simply relying on obvious combinations like “123456,” “qwerty,” or “ILoveYou.”
Security experts recommend taking proactive measures to improve online safety. For those who still rely on passwords, experts suggest using longer, more complex passwords—at least 14 characters long—which incorporate a mix of uppercase and lowercase letters, numbers, and special characters. While this may seem cumbersome, it significantly reduces the likelihood of a password being cracked by cybercriminals. Additionally, many experts advise enabling multi-factor authentication (MFA) wherever possible to add an extra layer of security.
With this move, Meta is joining a growing trend of companies shifting toward more secure, user-friendly methods of authentication, acknowledging the risks that traditional passwords pose to both personal and organizational security.
Join our LinkedIn group Information Security Community!
