A new website called WhyNoPasskeys.com is publicly calling out Instagram, Netflix, and Spotify for refusing to add passkeys—a safer way to log in. If you use any of these apps daily in Ghana, this matters to you.
What are passkeys and why should you care?
Passkeys replace passwords with biometric login: Face ID, fingerprint scan, or device PIN. Instead of typing a password that can be stolen, you unlock your phone, and that’s it. Passkeys are much harder to phish (trick out of you), can’t be reused across apps, and work faster than passwords.
Think of it like this: a password is a physical key you carry around and show to every lock. A passkey is a unique fingerprint only that lock recognizes—no one else can use it.
Why don’t Instagram, Netflix, and Spotify use them yet?
Good question. Google, Apple, and Amazon already support passkeys. But 7 of the world’s 25 most visited websites still don’t, including Instagram, Netflix, Spotify, Samsung, Roblox, and Baidu.
These aren’t small startups. These platforms serve hundreds of millions of users worldwide. They have the engineers and resources to add passkeys but haven’t.
Oddly, Instagram’s parent company Meta already offers passkeys on Facebook and WhatsApp. Instagram users can only access passkeys if they link their account to Facebook first—a workaround, not a real solution.
How does WhyNoPasskeys work?
The site, created by security researcher Scott Helme (who launched a similar public-shaming site for HTTPS encryption in 2017), acts as a leaderboard. It lists which companies support passkeys and which don’t.
The goal is simple: public pressure. By making it visible that Instagram users still log in with outdated passwords while competitors support passkeys, the website hopes to shame platforms into upgrading.
Why passwords are still a problem
Passwords remain one of the weakest parts of online security. Data breaches, reused logins, and phishing scams still hit users every day. Passkeys eliminate most of these risks because they’re tied to your device and can’t be phished.
What you should do right now
Check if your most-used apps support passkeys. If they do (Gmail, Apple ID, Microsoft Account), enable passkeys today—it takes 5 minutes. For apps that don’t yet, use a unique, strong password and turn on two-factor authentication (usually SMS or an authenticator app).
If you use Instagram, Netflix, or Spotify regularly, consider mentioning passkeys in their feedback or support channels. Public pressure works: it’s how HTTPS became standard.
Leave a Reply