Passwordless at scale: what we learned from 50k users

Passkeys are ready. Not maybe-ready, not pilot-ready — production-ready. We've now deployed them at scale across ICI TECH and dozens of customers, and the data is clear: phishing-resistant MFA is faster, cheaper, and better-loved than passwords.

What works

• Self-enrollment during the first sign-in of the day
• Multi-device passkeys via platform syncing
• Fallback to hardware keys for elevated-risk accounts

What breaks

Mostly the edge cases: shared devices in retail and healthcare, older mobile fleets, and a long tail of legacy apps that don't speak WebAuthn. None are dealbreakers. All have workarounds.

What to plan for

Plan for a 6-8 week pilot, then a department-by-department rollout. Plan for the help-desk volume to spike briefly, then drop substantially below baseline. And plan to celebrate — passwords don't die quietly, but they do die.