pixiv is one of the world's largest social media platforms for artists, hosting over 100 million users and 160 million illustrations, manga, and fiction. For a platform built on creative intellectual property, balancing robust security with a frictionless user experience is a top priority.
To move toward a passwordless future, pixiv integrated passkeys. The results were immediate: authentication success rates for passkey users hit 99%, which is 29% higher than legacy password login methods, and significantly reduced login friction for its most active users.
The strategy: Moving toward passwordless authentication
pixiv offers four authentication methods:
- Email-based "passwordless" login: pixiv sends a verification code to the user's registered email address. It can be complex for users and is still vulnerable to certain phishing attacks and account takeover if the user's email is compromised. This is the default method for newly registering to a pixiv account.
- Email and password: A legacy authentication method where users provide a registered email address and a password. This method is prone to credential stuffing and password fatigue caused by managing numerous complex credentials.
- Social login: A method that allows users to authenticate with a service by using their existing credentials from a third-party identity provider, such as a Google Account.
- Passkey: A modern, phishing-resistant credential based on public key cryptography. Users sign in using their device's screen lock (biometrics or PIN). Passkeys are stored securely on the device, and can sync across platforms.
Why passkeys offer better passwordless login
While many people are familiar with passwords and email verification codes, passkeys offer enhanced security:
- Email account risks: Email-based systems are vulnerable to account compromise. If your email is breached, attackers can bypass verification codes to gain unauthorized access. These systems often require a separate second factor (2FA) to achieve robust security.
- Inherent reliability: Passkeys are cryptographically bound to the specific domain, meaning they cannot be used on fraudulent proxy sites. Because a passkey requires both the physical device and your gesture (biometrics or PIN), it acts as a built-in second factor. Passkeys provide high reliability and a simpler user experience without the need for additional 2FA steps.
- Frictionless experience: Passkeys offer a more robust and frictionless experience for users compared to legacy methods.
For further technical details, see the Passkeys overview.
pixiv's primary goal for passkey adoption was to transition users away from legacy password-based systems
While many users are familiar with passwords and email verification codes, passkeys offer superior security. Performance data suggests it is the superior method for user retention and security. And, unlike verification codes, passkeys cannot be intercepted or stolen through social engineering.
The impact: Success rates and user experience
The implementation of passkeys led to a significant increase in login success rate. Legacy authentication methods like passwords and verification codes often fail due to forgotten credentials or issues with email delivery for verification codes.
Users with passkeys experienced a 99% authentication success rate. This is 29 percentage point uplift than username and password.
| Metric | Username and password | Passkeys |
|---|---|---|
| Authentication success rate | ~70% | 99%+ |
User behavior insights: The "U-shaped" adoption curve
pixiv also discovered a correlation between account age and passkey adoption. pixiv observed a "U-shaped" trend where the oldest and newest people were more likely to enable passkeys.
Power users (10 or more years)
Users who registered over a decade ago show a higher adoption rate of more than 6%. These users often have extensive portfolios and curated bookmarks. Because their accounts represent years of creative work, pixiv hypothesizes that these users could have a higher security consciousness and a greater willingness to adopt modern security standards like passkeys to protect their digital assets.
New registrants
pixiv implemented a new Security Confirmation screen, which prompts users to confirm their security setting and recommends passkeys as a fast and secure login method that doesn't require password or verification code.
Users who joined after the introduction of the Security Confirmation screen also show higher passkey adoption rate (approximately 6%).
pixiv hypothesized that suggesting users to set up passkeys right after the user succeeded in logging in, could motivate the users to choose passkeys to make the login process easier.
The "middle" gap
Users who registered in the years immediately prior to the Security Confirmation screen rollout showed the lowest adoption (less than 4%). This group typically defaults to familiar password habits. Since this group is already accustomed to legacy password logins, pixiv hypothesized that they are less motivated to switch to passkeys compared to new users who see the recommendation when they first login.
pixiv promotes the passkey in the security settings page, and hopes that passkey adoption will increase as the familiarity of passkeys grows over time.
Future outlook
For pixiv, passkeys are a security upgrade, but also a key factor in user experience. By strategically focusing on the post-login moment, pixiv identified an effective path for adoption.
As global awareness of passkeys technology matures, pixiv intends to refine its Security Confirmation flows. These optimizations aim to transition its remaining 60% of users who rely on passwords toward a more secure, frictionless future, similar to the 99% authentication success rate already observed among early adopters.