Analysis

Market-structure: Passkey portability (iOS26/macOS26) and Google defaulting passkeys create a two-sided win for device/platform owners (AAPL, GOOGL) and identity/SaaS specialists that embed FIDO (OKTA, HUBS). Expect share shifts over 12–36 months: IAM vendors with native passkey support gain pricing power and higher ARR visibility, while legacy password-centric vendors face margin pressure and churn. Network effects favor large clouds and platform-integrated managers; third-party password stores that rapidly certify FIDO can capture disintermediated enterprise spend. Risk assessment: Tail risks include a high-profile implementation breach, restrictive biometric regulation in the EU/US, or antitrust action against platform defaults — each could wipe 15–40% off implied adoption scenarios. Timing: immediate market reaction days–weeks (small), pilots and enterprise rollouts over 3–12 months, broad replacement of passwords 18–36+ months. Hidden dependencies: hardware root-of-trust, enterprise MDM integration, and cross-vendor portability standards; a slow migration increases integration costs and delays revenue realization. Trade implications: Favor long exposure to OKTA (identity orchestration) and GOOGL (consumer default + ecosystem leverage) with tactical AAPL long to play device lock-in and MDM upsell. Use defined-risk options to pull forward upside without overpaying; expect credit spreads for top-tier IAM vendors to compress if ARR growth accelerates. Cross-asset: modest tightening in corporate IG spreads for leaders; limited FX/commodity impact. Contrarian angles: Consensus underestimates enterprise inertia, API and SSO complexity, and regulatory pushback — adoption could be lumpy, not linear. Historical parallel: EMV chip migration improved security but took years and capex; passkeys may follow a multi-year, uneven adoption curve. That argues for staged exposure and option sizing rather than full share swaps up front.