Passkeys vs Passwords: What Your Business Needs to Know

Posted on 21 May 2025


 


If you’ve seen a message pop up from WhatsApp, Apple, or Google asking you to “set up a passkey,” you’re not alone. These prompts are becoming more common—and they mark the beginning of a fundamental shift in how we log in to everything.

The problem? Most business owners and employees don’t actually know what a passkey is, or how it relates to passwords, phishing, or their wider cybersecurity setup.

If that’s you, don’t worry. This article is here to explain Passkeys and Password Managers in plain English—what they are, how they work, and why they’re fast becoming essential for businesses of all sizes.

And with UK cyberattacks continuing to hit the headlines, from retail to legal and logistics, it’s a conversation every business should be having now—not after a breach.

1. Passwords aren’t going away just yet—but they are letting us down

Most systems—especially in professional services—still rely on passwords. The problem is, they’re not very good at protecting us.

According to the 2025 Verizon Data Breach Investigations Report, 77% of breaches involve stolen or compromised credentials, and 68% involve a human element, such as phishing or simple user error. Combine that with the fact that many employees juggle over 100–190 passwords, according to multiple industry reports, and it’s easy to see why people resort to shortcuts—like reusing passwords or storing them in browsers. Unfortunately, those shortcuts are exactly what attackers exploit.

We’ve seen the fallout here in the UK. This year alone:

  • Marks & Spencer suffered a breach affecting customer data last month (April ’25).
  • The Legal Aid Agency revealed sensitive personal records were accessed in a targeted attack (April ’25).
  • Food supplier Peter Green Chilled, used by Tesco and Aldi, was hit by ransomware that disrupted deliveries only last week (May ’25).

These aren’t obscure companies with obscure systems. They’re using the same types of platforms and practices many businesses do—which makes them useful case studies for what can go wrong.

2. What is a passkey, and how is it different from a password?

Put simply, a passkey is a new way to log in without needing to type a password. It uses your device—like your phone or laptop—and something about you, like your fingerprint or face, to verify who you are.

Here’s how it works:

  • You visit a supported site or app
  • It asks you to confirm your identity using a biometric or device PIN
  • A cryptographic key stored on your device proves it’s you
  • No password to remember. No password to steal.

Passkeys are also phishing-resistant, because they don’t work outside of the app or site they were created on. Even if you clicked a fake link, the login wouldn’t work.
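
To make the phishing-resistance point concrete, the Node.js sketch below (an added example, not code from this article or from any vendor it names) models a passkey login: the browser only offers a passkey to the domain it was created for, and the server checks the challenge, origin and signature. The domains, function names and the simplified domain-matching rule are assumptions made for illustration.

```javascript
// Added example: constructed domains and keys, simplified WebAuthn checks.
const { createHash, generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');
const sha256 = (data) => createHash('sha256').update(data).digest();

// Registration: the device makes a key pair tied to one site (its "RP ID").
function registerPasskey(rpId) {
  const { publicKey, privateKey } = generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  return { rpId, publicKey, privateKey }; // the site stores only publicKey
}

// Browser + device: the browser, not the page, fills in the real origin.
function signAssertion(passkey, origin, challenge) {
  const host = new URL(origin).hostname;
  // Simplified domain rule (assumption): exact match or subdomain of the RP ID.
  if (host !== passkey.rpId && !host.endsWith('.' + passkey.rpId)) return null;
  const clientDataJSON = Buffer.from(JSON.stringify(
    { type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  // authenticatorData = SHA-256(rpId) | flags (0x01 present + 0x04 verified) | counter
  const authData = Buffer.concat([sha256(passkey.rpId), Buffer.from([0x05, 0, 0, 0, 1])]);
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: sign('sha256', signed, passkey.privateKey) };
}

// Server: accept only a fresh challenge, the expected origin and a valid signature.
function verifyAssertion(a, { rpId, origin, challenge, publicKey }) {
  if (!a) return 'no-credential-for-this-site';
  const c = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (c.type !== 'webauthn.get') return 'wrong-type';
  if (c.challenge !== challenge.toString('base64url')) return 'stale-or-replayed-challenge';
  if (c.origin !== origin) return 'wrong-origin';
  if (!a.authData.subarray(0, 32).equals(sha256(rpId))) return 'wrong-rp-id';
  if ((a.authData[32] & 0x05) !== 0x05) return 'user-not-verified';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad-signature';
}

function demo() {
  const site = { rpId: 'payroll.example', origin: 'https://payroll.example' };
  const passkey = registerPasskey(site.rpId);
  const challenge = randomBytes(32);
  const expected = { ...site, challenge, publicKey: passkey.publicKey };
  return {
    genuine: verifyAssertion(signAssertion(passkey, site.origin, challenge), expected),
    lookAlike: verifyAssertion(signAssertion(passkey, 'https://payroll-example.test', challenge), expected),
    replayed: verifyAssertion(signAssertion(passkey, site.origin, challenge),
      { ...expected, challenge: randomBytes(32) }),
  };
}
console.log(demo());
```

The look-alike domain never receives a usable login, and a captured response cannot be reused because each login is tied to a fresh challenge.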

Apple, Google, Microsoft, Amazon, PayPal, and many others are rolling out support. The shift is happening—but slowly.

3. Where Passkeys and Password Managers work together

Right now, most business platforms don’t support passkeys yet. CRMs, payroll systems, job boards, HR tools—these still ask for traditional passwords.

That’s where Password Managers come in. They remain the most practical way to:

  • Secure your existing logins
  • Stop password reuse
  • Store and share credentials safely
  • Prepare for a gradual move to passkeys

The latest tools, like LastPass for Business, now support both:

  • Store and sync passkeys across your devices
  • Help you generate passkeys on supported sites
  • Offer MFA, dark web monitoring, and admin dashboards
  • Give you visibility into how your team is using credentials

In short, password managers now act as credential managers—bridging the gap between the old way and the future.

4. Why this matters to professional services firms in 2025

If you work in recruitment, HR, or accountancy, you’re handling high-risk data: personal records, payroll info, tax details, sometimes even DBS documents.

That puts a target on your back, whether you’re a 10-person firm or 300. According to the UK government’s Cyber Security Breaches Survey 2024, 50% of medium-sized businesses suffered a breach or attack last year. And that number is likely underreported.

The most common entry point? Compromised credentials—exactly the type of attack that passkeys and password managers are designed to stop.

A few of the challenges we often see:

  • Shared accounts with no audit trail
  • People saving passwords in browsers
  • Passwords sent by email or in Teams chat
  • No MFA turned on for key services

This doesn’t happen because people don’t care—it happens because security feels like a hassle. Passkeys and password managers help remove that friction.

5. What smart businesses are doing

You don’t need to rip out your systems or hire a dedicated security team. Most businesses we work with follow a few sensible steps:

First, they get a clear picture.
They look at where passwords are stored, who has access, and where gaps exist.

Next, they roll out a password manager.
Not just for convenience, but for accountability. Everyone gets secure access. Shared credentials are monitored. And policies can be enforced, not just hoped for.

Then, they enable passkeys where it makes sense.
Google Workspace. Microsoft 365. Apple ID. These platforms already support passkeys, and we help businesses enable them without disrupting logins.

Finally, they bring people with them.
We offer practical, jargon-free guidance to help your team understand what’s changing—and why it matters. Because login security only works if everyone feels confident using it.

At Blue Saffron, we regularly support recruitment firms, HR teams, and accountancy practices in moving from spreadsheet-based logins to more secure, manageable systems. We don’t overcomplicate it. We just help you get it done.

6. Final thought: the time to fix this is before it breaks

You don’t have to understand cryptography or be a cybersecurity expert to improve login security. Passkeys and Password Managers are two of the most straightforward ways to reduce your risk—today and into the future.

The systems you use every day—email, files, finance, HR—are only as safe as the way you log into them.

Let’s make sure login security isn’t the weak link in your business.

8. FAQs – What people are asking

What’s a passkey, exactly?

It’s a passwordless login method that uses your device and biometric ID (or PIN) to prove who you are.

Are passkeys more secure than passwords?

Yes. They can’t be reused, phished, or leaked in the same way passwords can.

Will passkeys replace passwords?

Eventually—but not overnight. Most apps still use passwords. That’s why password managers are still essential.

Can password managers store passkeys?

Modern ones like LastPass and 1Password can. They help you manage both as we transition away from passwords.

Isn’t this just for big companies?

Not at all. Smaller businesses are often more vulnerable because they have fewer controls in place. This is a practical step you can take now.

To learn how Blue Saffron can help improve your login security with passkeys and password management, get in touch today. We’ll help you take practical steps toward protecting your people, data, and reputation.