Research Project on Passkey Revocation
I’ve always been interested in understanding and investigating human behavior. A lot of it is totally different from what we’re used to as computer scientists. People don’t always behave the way we want them to. They tend to react emotionally instead of calmly and thoughtfully, and they’re not perfect. It’s these differences that make the mix of computer technology and humans so intriguing.
The Saarbrücken Graduate School of Computer Science gave me the chance to do research that combines the two areas I mentioned above. I joined Maximilian Golla’s research group and decided to look into how passkeys get revoked.
Passkeys are a modern alternative to traditional passwords, designed to provide both stronger security and a more seamless user experience. They use public key cryptography to authenticate users without the need to remember or manage complex passwords, and with companies like Apple, Google, and Microsoft pushing the adoption of passkeys, more and more users will be using them in the future. Most research focuses on how to improve the security, usability, and overall adoption of passkeys during initial activation and subsequent use.
We take it a step further and ask: what happens if someone is already using passkeys and has registered one to their account, but now wants to get rid of it? The user may have lost the device on which the passkey was stored. A couple might have separated, and one of them doesn’t want the other to have access to certain accounts. There are several scenarios where the passkey revocation process plays a significant role in user perception, which is what motivates us to push for optimal user perception.
Our study is meant to provide an overview of existing revocation processes and an investigation of how people deal with them. We also plan to propose alternatives and investigate how well our proposed solutions are perceived. Ultimately, we hope to shape and improve the process of passkey revocation for the better, allowing passkeys to be the future of authentication.

I had the honor of presenting our research idea and roadmap at the 2024 Usable Security Summer School organized by CISPA. You can find the poster I used for my presentation on the right.