AWS Partner Network (APN) Blog
Maximizing Passkey Adoption with Amazon Cognito and Corbado
 |
| Corbado |
 |
By Vincent Delitz, Managing Director – Corbado
By Isabella Du, Partner Solutions Architect – AWS
Organizations have relied on passwords for consumer authentication online since the early days of the World Wide Web in the 1990s, despite their security and usability challenges. 84% of users interact with phishing emails within 10 minutes of receiving them and almost 1 million phishing attacks per quarter were recorded in 2024. These numbers highlight the scale and speed of these threats, demonstrating the need for robust systems that help reduce phishing.
Passkeys offer a phishing-resistant alternative, quickly becoming the solution for secure, passwordless primary authentication. They leverage biometric authentication through Face ID, Touch ID, Windows Hello, or device PIN codes. Since November 2024, Amazon Cognito natively supports passkeys, empowering organizations to implement passwordless logins using their existing Amazon Cognito user pools.
For large business-to-consumer (B2C) organizations with custom-built UIs, the real challenge lies in encouraging millions of users to adopt passkeys as their primary login method. High passkey adoption is critical for increased protection from phishing attacks and reduced costs associated with passwords and traditional multi-factor authentication (MFA) methods. In consumer-facing scenarios like e-commerce, it can lead to higher conversion rates and fewer abandoned transactions.
This post explores how Corbado’s Passkey Adoption Platform complements Amazon Cognito in creating a high-adoption passkey experience. The solution provides passkey-optimized UI components, detailed analytics, fine-grained passkey management and deployment controls. This approach focuses on three objectives essential for successful large-scale B2C rollouts: maximizing passkey adoption across diverse user segments without requiring user migration, minimizing authentication recovery costs, and enabling risk-controlled implementation.
Understanding Passkeys
Passkeys represent the next evolution in authentication technology, built on WebAuthn and FIDO2 standards using public-key cryptography. Each user account is associated with one or multiple key pairs: a private key securely stored on the user’s authenticator, like Apple iCloud Keychain, and a corresponding public key registered with the service provider.
Unlike passwords, passkeys can’t be reused, guessed or phished, eliminating the need for SMS OTPs or authenticator apps. Instead, users authenticate with their local authenticator such as Face ID. Users can access their passkeys across their devices, as they are synced via Apple iCloud Keychain, Google Password Manager or third-party password managers.
Major technology leaders are driving passkey adoption. As of October 2024, Amazon has reported more than 175 million customers enabling passkeys on their Amazon accounts with users experiencing sign-in processes up to six times faster. This shows significant deployment scale and improved usability for customers. Major regulatory bodies like NIST, CISA, ACSC, BSI, and NCSC increasingly advocate implementing passkey authentication.
Amazon Cognito’s Passkey Capabilities
Amazon Cognito is a fully managed AWS service that provides user authentication, authorization, and management for web and mobile applications, scaling to millions of users. In November 2024, Amazon Cognito introduced native support for passkeys. Passkey functionality is available out-of-the-box through Cognito’s Managed Login, or via APIs and SDKs for organizations using custom-built frontends.
Passkey Adoption Challenge for Enterprises
For large B2C enterprises using custom UIs to ensure brand consistency and complex user journeys, successful passkey deployment at scale also requires high user adoption to realize security and cost benefits. This presents several specific challenges:
- Passkey UI/UX complexity: Building intuitive passkey experiences from scratch
- Device variability: Managing inconsistent behavior across devices, browsers, and authenticators
- Passkey analytics & insights gaps: Lack of detailed insights on passkey usage and drop-offs
- Limited error handling: Gracefully managing passkey-related failures
- Rollout controls: Implementing gradual rollouts or conducting A/B tests effectively
High adoption delivers measurable cost reductions through reduced SMS OTP usage, lower authentication fraud losses, and fewer help desk interventions for password and MFA reset requests. To address these challenges and maximize cost saving, organizations require tooling that enhances passkey adoption while leveraging their existing Amazon Cognito user pool. This is where Corbado’s solution comes into play. Let’s discuss Corbado’s solution in the next section.
The Corbado Solution
Corbado is designed to maximize passkey adoption at scale and gives you fine-grained control over the passkey rollout, acting as a complementary solution connected to your existing Amazon Cognito implementation. It provides specialized tools and data-driven intelligence to improve passkey adoption rates, specify passkey types, authenticators and rulesets for device combinations in custom UI environments.
Corbado’s solution integrates four key components:
- Amazon Cognito acts as the central Customer Identity and Access Management (CIAM) system managing user data and authentication rules.
- A custom authentication flow in Amazon Cognito implemented using AWS Lambda and Corbado’s Enterprise Gateway, allowing passkey-authenticated users to obtain valid Cognito sessions.
- Client SDKs from Corbado provide pre-built, passkey-optimized UI components that manage passkey login complexities including browser compatibility, fallback handling, error messaging and biometric prompts.
- The Corbado Management Console and Passkey Intelligence provide Enterprise Features such as advanced passkey analytics, detailed login funnels and gradual rollout controls. A central repository collects login data through the Client SDKs and the Enterprise Gateway to improve Passkey Intelligence.
The customer application integrates Corbado’s UI components on the frontend and implements backend endpoints for mapping users with Corbado’s backend.
Figure 1 shows the Corbado Connect architecture. It highlights the various features of Corbado Connect and how your application can leverage these features from multiple application types such as Desktop / Mobile Web / Native App.
Figure 1 – Corbado Connect Architecture
Enhanced Passkey Features
Corbado provides embedded UI components optimized for passkeys, streamlining user experience for intuitive passkey creation, usage, and exception handling. The solution helps accelerate adoption by addressing device detection, fallback logic, user messaging, error logging, and passkey lifecycle management. As a managed solution, Corbado works to maintain compatibility with WebAuthn standard updates as they are implemented across operating systems and browsers.
Organizations gain access to analytics for monitoring passkey creation, login, success/error rates, and adoption metrics across segments. Historic data on devices, operating systems, browsers, and credential managers also contribute to optimizing implementation strategies over time.
Gradual rollout strategies enable organizations to begin with specific user subsets, thoroughly test the implementation, and expand deployment without introducing operational risk. Organizations can control which passkey types are permitted, for example, security keys, mobile-first or synced passkeys, control authenticators by Authenticator Attestation Global Unique Identifier (AAGUID), and apply customized rulesets for different user and device segments. This facilitates a measured transition to passkey authentication that aligns with organizational readiness. Figure 2 shows a passkey example through demo application.
Figure 2 – Passkey Sign-in
Implementation
Implementation begins with an authentication flow assessment to determine optimal passkey integration points, considering user devices, applications, and existing MFA implementations. The implementation process involves integrating UI components into custom authentication flows built on Amazon Cognito using HTML/JavaScript for web frontends or native components for iOS/Android applications.
Next, you connect the Corbado backend with your application for user mapping and session management. Corbado provides implementation guidance, analytics for adoption forecast, and authentication flow design assistance. As part of the implementation guidance, Corbado offers tools to move from theoretical benefits to a concrete business plan. Tools such as Passkey Adoption Calculator, as shown in Figure 3, help in creating a realistic business case for passkey implementation.
Figure 3 – Passkey Adoption Calculator
Rollout
Implementing passkeys for large user bases requires a structured approach. Corbado provides deployment controls based on implementation data and authentication patterns to guide decisions on how and when to introduce passkeys. Many organizations begin with limited user groups to validate integration, test compatibility, and refine the user experience. Corbado’s built-in Passkey Intelligence enables real-time tracking of readiness, adoption and success rates throughout deployment.
Administrators can configure granular targeting rules through the management dashboard (shown in Figure 4) to enable strategic passkey implementation. These controls include features such as presenting passkey registration only after successful password authentication and limiting availability to specific user segments based on device type, account type, or region. You can also avoid dead ends by suppressing prompts in environments where passkeys cannot be created or used.
Organizations implementing passkeys typically observe reduced account recovery support requests, lower authentication costs through decreased SMS OTP usage, and improved login success rates and user retention through faster authentication. Corbado customers have achieved up to 80% passkey activation rate and 4-6x faster login time, replacing SMS OTPs and passwords.
Figure 4 – Passkey Login Metrics
Conclusion
Passkeys are reshaping authentication by offering improved security against phishing and measurable cost savings. The critical challenge lies in achieving meaningful user adoption across diverse user segments, while maintaining the seamless experience that drives conversion rates and reduces transaction abandonment.
Corbado complements Amazon Cognito’s native passkey support for custom UI implementations. The solution provides optimized user experiences, detailed analytics, and granular management controls, helping organizations achieve better passkey adoption rates at scale. To learn more about how Corbado can help your organization transform authentication experience, download the free whitepaper on passkeys for large-scale enterprise deployments.
.
.
Corbado – AWS Partner Spotlight
Corbado is an AWS Technology Partner that helps enterprises roll out phishing‑resistant passkeys at scale and maximize passkey adoption. Corbado’s solution integrates with existing identity providers, and offers pre-built passkey UX components, deep passkey analytics, insights, and telemetry for rollout management.