Move to the wrist accelerates passwordless banking
Banks across the United States and beyond have quietly begun enabling passkey logins that let customers approve access from their smartwatches, a shift that could put traditional passwords on the defensive and reshape how financial institutions fight fraud. The change comes as the passkey ecosystem reaches new scale, with industry groups estimating about 5 billion passkeys now active worldwide.
Big banks, fast rollouts
This spring a major password manager shipped synchronized passkey support for six of the ten largest U.S. retail banks, a move that industry engineers say immediately opens passkey sign-in to roughly 60 percent of U.S. retail-banking customers who use that manager. Financial apps that adopt synchronized passkeys make it possible for an authentication prompt to be completed on any enrolled device, including a connected smartwatch.
How the watch becomes an authenticator
On modern platforms passkeys are stored and unlocked locally, then shared across devices through vendor sync services or password managers. In practice a phone or laptop will create the credential and a paired smartwatch can act as an approval surface when the device ecosystem permits it. That pattern relies heavily on operating system frameworks and cloud keychains to carry keys securely to the wrist. The result is a login flow that can be reduced to a tap or glance on an Apple Watch or Wear OS device in many setups.
Security gains and the new contest
Security teams welcome the change because passkeys are resistant to phishing and credential stuffing, and early pilots show lower account takeover rates and smoother conversion at sign-in. At the same time, payments networks and issuers are racing to embed passkeys into checkout and banking flows, turning authentication into a hotly contested front where fraud mitigation and user experience compete for priority.
Remaining gaps and escalation risk
Adoption is uneven and recovery workflows remain the biggest practical challenge. Organizational inertia, untested customer support scripts, and the tension between synced passkeys and hardware-bound keys leave room for attackers to shift tactics toward social engineering and account recovery abuse. That fragility is driving banks to invest in endpoint hardening, fraud analytics, and layered verification, marking the start of a prolonged security arms race around passwordless access.