Which Loyalty Programs offer Passkeys?
Which loyalty programs support passkeys? Analysis of 50+ airlines, 20 hotel chains and 6 retail loyalty programs with passkey adoption status.
Vincent
Created: February 9, 2026
Updated: February 12, 2026
Authentication Analytics Whitepaper:
Track passkey adoption & impact on revenue.
Summary: Loyalty Program Passkeys#
This FAQ evaluates passkey adoption across the world's leading loyalty programs in aviation, hospitality and retail. Key findings as of early 2026:
- Airlines: Only 2 out of 50 top carriers (Air New Zealand and Cathay Pacific) support passkeys. British Airways is in limited testing.
- Hotels: Only 1 out of 20 top chains (Hyatt) has implemented passkeys. Marriott, Hilton and IHG have not.
- Retail: None of the 6 major non-e-commerce loyalty programs analyzed (Starbucks, McDonald's, IKEA, Dunkin', CVS and Walgreens) support passkeys. For e-commerce passkey adoption, see our dedicated analysis.
- Fraud: Loyalty fraud has increased 89% since 2019, costing the travel industry over $1 billion annually.
- Stored value at risk: Approximately $48 billion in unspent loyalty points sit in U.S. member accounts alone, often protected by nothing more than a password.
1. Benefits of Passkeys for Loyalty Programs#
Passkeys offer loyalty programs a unique combination of security and UX improvements that directly impact revenue and customer retention.
1.1 Roaming reliability#
- Passkeys work without cellular signal or SMS delivery. Authentication happens locally on the device via biometrics (Face ID, Touch ID) or a device PIN.
- This eliminates the SMS OTP failure problem that affects international travelers - a critical issue for airlines and hotels whose customers are by definition mobile.
1.2 Phishing resistance#
- Passkeys are cryptographically bound to the legitimate domain. A passkey for
airline.comwill not function onairline-login-secure.com. - This neutralizes the most common attack vector against loyalty programs: fake login pages that harvest credentials.
1.3 Reduced fraud and account takeover#
- Credential stuffing attacks (using leaked password databases) become ineffective because there is no password to stuff.
- 45% of loyalty accounts are inactive, making them prime targets. Passkeys protect these dormant accounts without requiring user action.
1.4 Lower support costs#
- 42% of consumers abandon purchases due to forgotten passwords - rising to 50% for Gen Z.
- Real-world deployments show 20% faster sign-ins and 30% higher success rates compared to passwords.
- Enterprises can save up to 90% in OTP-related expenses by switching to passkeys.
1.5 Cross-device recovery via synced Passkeys#
- Synced passkeys are stored in the user's cloud account (iCloud Keychain, Google Password Manager or 1Password) and available across all their devices.
- If a traveler loses their phone, they can log in from any other device linked to the same cloud account. This contrasts sharply with SMS 2FA which requires the original SIM card.
2. Current Authentication Challenges in Loyalty Programs#
Most loyalty programs still rely on passwords, SMS OTPs or security questions. This creates three categories of problems.
2.1 Roaming Barrier: Why SMS fails Travelers#
The most compelling argument for passkeys in travel is the inherent unreliability of SMS OTPs for international travelers.
Typical failure scenario: A frequent flyer lands in Tokyo and swaps their home SIM for a local data SIM to avoid roaming charges. When their airline app triggers an SMS verification code to the home number, the message never arrives. The traveler is locked out of their boarding pass, lounge access and booking management.
SMS reliability data:
- Delivery failure rates reach 15-20% in certain regions and network conditions
- Latency often exceeds the timeout window of login screens, creating "loops" of expired codes
- For global enterprises, SMS OTP delivery costs millions annually
Passkeys eliminate this entire failure domain. If the user has an internet connection, they can log in.
2.2 Loyalty Points are a $48 Billion Security Gap#
Loyalty points are no longer just "miles". For many customers, they are a liquid, unregulated global currency.
- Stored value: Approximately $48 billion in unspent loyalty points sit in U.S. member accounts alone.
- Easy monetization: Hackers book flights or hotels for resale or convert points into gift cards. This "burn" fraud is immediate and often irreversible.
- Low monitoring: Unlike bank accounts, loyalty accounts are checked infrequently. A user may not log in for months, giving fraudsters a wide window to drain the account.
The travel industry is experiencing a massive spike in account takeover (ATO) attacks. According to EY, loyalty fraud has increased 89% since 2019, with airline fraud cases surging 30% in a single year. The total cost exceeds $1 billion annually.
2.3 Support Burden and Conversion Loss#
The hidden cost of password-based authentication:
- A significant share of helpdesk calls relate to forgotten passwords or locked accounts.
- Every second of login friction reduces booking conversion. For an airline, a user who abandons a booking because they cannot log in is lost revenue.
- Programs like Marriott's 2FA lock users out for up to 4 days after changing their email or phone number. Hilton Honors users report persistent "Something went wrong" login errors.
3. Airline Loyalty Programs#
Airlines face the most acute authentication challenges due to the mobility of their user base. The industry has decisively shifted from distance-based to revenue-based loyalty models, turning programs into high-margin profit centers often valued more highly than the airline operations themselves. The following analysis breaks down the adoption status of the top 50 global carriers.
3.1 Overview of Airline Adoption#
3.1.1 North America#
| Airline | Program | Revenue 2025 ($B) | Alliance | Passkey Status |
|---|---|---|---|---|
| Delta Air Lines | SkyMiles | 58.2 | SkyTeam | ❌ Not yet available |
| United Airlines | MileagePlus | 56.0 | Star Alliance | ❌ Not yet available |
| American Airlines | AAdvantage | 53.6 | Oneworld | ❌ Not yet available |
| Southwest Airlines | Rapid Rewards | 27.4 | None | ❌ Not yet available |
| Air Canada | Aeroplan | 16.2 | Star Alliance | ❌ Not yet available |
| Alaska Airlines | Mileage Plan | 10.8 | Oneworld | ❌ Not yet available |
| JetBlue | TrueBlue | 9.3 | None | ❌ Not yet available |
| Spirit Airlines | Free Spirit | N/A | None | ❌ Not yet available |
| Frontier Airlines | Frontier Miles | 3.6 | None | ❌ Not yet available |
3.1.2 Europe#
| Airline | Program | Revenue 2025 ($B) | Alliance | Passkey Status |
|---|---|---|---|---|
| Lufthansa Group | Miles & More | 40.0 | Star Alliance | ❌ Not yet available |
| IAG (British Airways / Iberia) | Avios | 33.9 | Oneworld | ❌ Limited testing |
| Air France-KLM | Flying Blue | 33.6 | SkyTeam | ❌ Not yet available |
| Ryanair | MyRyanair / Choice | 14.7 | None | ❌ Not yet available |
| easyJet | Flight Club | 11.8 | None | ❌ Not yet available |
| Jet2 | N/A | 8.8 | None | ❌ Not yet available |
| Wizz Air | Discount Club | 5.5 | None | ❌ Not yet available |
| TAP Air Portugal | Miles&Go | 4.6 | Star Alliance | ❌ Not yet available |
| Virgin Atlantic | Flying Club | 3.9 | SkyTeam | ❌ Not yet available |
| Finnair | Finnair Plus (Avios) | 3.2 | Oneworld | ❌ Not yet available |
| Pegasus Airlines | BolBol | 3.2 | None | ❌ Not yet available |
3.1.3 Middle East#
| Airline | Program | Revenue 2025 ($B) | Alliance | Passkey Status |
|---|---|---|---|---|
| Emirates | Skywards | 33.8 | None | ❌ Not yet available |
| Turkish Airlines | Miles&Smiles | 22.2 | Star Alliance | ❌ Not yet available |
| Qatar Airways | Privilege Club (Avios) | 22.2 | Oneworld | ❌ Not yet available |
| Etihad Airways | Etihad Guest | 5.5 | None | ❌ Not yet available |
3.1.4 Asia-Pacific#
| Airline | Program | Revenue 2025 ($B) | Alliance | Passkey Status |
|---|---|---|---|---|
| China Southern | Sky Pearl Club | 24.4 | None | ❌ Not yet available |
| Air China | PhoenixMiles | 22.8 | Star Alliance | ❌ Not yet available |
| China Eastern | Eastern Miles | 18.2 | SkyTeam | ❌ Not yet available |
| Qantas | Frequent Flyer | 14.5 | Oneworld | ❌ Not yet available |
| Singapore Airlines | KrisFlyer | 14.4 | Star Alliance | ❌ Not yet available |
| ANA | ANA Mileage Club | 14.3 | Star Alliance | ❌ Not yet available |
| Korean Air | Skypass | 12.0 | SkyTeam | ❌ Not yet available |
| Cathay Pacific | Cathay | 11.6 | Oneworld | ✅ Fully Implemented |
| Japan Airlines | JAL Mileage Bank | 11.5 | Oneworld | 🚧 In development |
| China Airlines | Dynasty Flyer | 6.2 | SkyTeam | ❌ Not yet available |
| Asiana Airlines | Asiana Club | 5.4 | Star Alliance | ❌ Not yet available |
| Thai Airways | Royal Orchid Plus | 5.1 | Star Alliance | ❌ Not yet available |
| Air New Zealand | Airpoints | 4.1 | Star Alliance | ✅ Fully Implemented |
| IndiGo | 6E Rewards | N/A | None | ❌ Not yet available |
| EVA Air | Infinity MileageLands | N/A | Star Alliance | ❌ Not yet available |
| Hainan Airlines | Fortune Wings Club | N/A | None | ❌ Not yet available |
| Vietnam Airlines | Lotusmiles | N/A | SkyTeam | ❌ Not yet available |
| Garuda Indonesia | GarudaMiles | N/A | SkyTeam | ❌ Not yet available |
| El Al | Matmid | 3.3 | None | ❌ Not yet available |
3.1.5 Latin America#
| Airline | Program | Revenue 2025 ($B) | Alliance | Passkey Status |
|---|---|---|---|---|
| LATAM Airlines | LATAM Pass | 12.9 | None | ❌ Not yet available |
| Avianca | LifeMiles | 5.1 | Star Alliance | ❌ Not yet available |
| Aeromexico | Club Premier | 4.9 | SkyTeam | ❌ Not yet available |
| Azul | TudoAzul | 3.7 | None | ❌ Not yet available |
| Gol | Smiles | 3.6 | None | ❌ Not yet available |
| Copa Airlines | ConnectMiles | 3.5 | Star Alliance | ❌ Not yet available |
| Volaris | V.Club | 3.2 | None | ❌ Not yet available |
3.2 Summary: Airline Passkey Adoption#
Out of the top 50 airlines globally, only 2 carriers (Air New Zealand and Cathay Pacific) have fully implemented passkeys. British Airways is conducting limited testing. The remaining 47+ airlines - managing accounts collectively worth tens of billions of dollars in mileage currency - still rely on passwords, SMS OTPs or security questions. This represents the single largest authentication gap in the consumer loyalty economy.
Does Delta SkyMiles offer passkeys?#
No. Delta recently began enforcing mandatory MFA (email/SMS codes) in response to widespread account suspension incidents caused by credential stuffing bots. Users have explicitly requested passkey support as a modern alternative, but no plans have been announced.
Does United Airlines MileagePlus offer passkeys?#
No. United still relies on password + security questions as its primary authentication. Executives have hinted at major "frictionless" updates for 2026, but no passkey rollout has been confirmed. United has been aggressive with status matching campaigns, suggesting a focus on growth over security modernization so far.
Does American Airlines AAdvantage offer passkeys?#
No. AAdvantage relies on standard password authentication with SMS-based 2FA. No public plans for passkey support have been disclosed.
Does Southwest Airlines Rapid Rewards offer passkeys?#
No. Despite its reputation for simplicity, Southwest uses basic password-only login with no MFA or passkey support.
Does Air Canada Aeroplan offer passkeys?#
No. Aeroplan - widely considered one of the best-designed loyalty programs - uses standard password login. No passkey plans have been announced.
Does Alaska Airlines Mileage Plan offer passkeys?#
No. Alaska Airlines uses standard password login. The program recently shifted closer to revenue-based models following its merger with Hawaiian Airlines.
Does JetBlue TrueBlue offer passkeys?#
No. JetBlue uses standard password authentication. No passkey plans have been announced.
Does Spirit Airlines Free Spirit offer passkeys?#
No. Spirit uses basic password login with no MFA or passkey support.
Does Frontier Airlines Frontier Miles offer passkeys?#
No. Frontier relies on standard password login with no passkey plans announced.
Does Lufthansa Miles & More offer passkeys?#
No. Miles & More recently migrated to a unified Travel ID across all Lufthansa Group airlines (Lufthansa, SWISS, Austrian, Brussels Airlines, Eurowings). It supports SMS-based 2FA and an optional TOTP authenticator app, but no passkeys. Frequent flyer forums report significant friction with the SMS fallback when traveling abroad, as enabling the authenticator app itself requires an SMS-verified login first.
Does British Airways Avios offer passkeys?#
Limited testing. British Airways (part of IAG) has been testing passkeys in limited capacity. A full rollout has not been confirmed. The Avios currency is shared across IAG airlines including Iberia, Aer Lingus and Vueling.
Does Air France-KLM Flying Blue offer passkeys?#
No. Flying Blue uses standard password login with SMS 2FA. No passkey plans have been announced despite the program's aggressive 2025/2026 status matching campaigns targeting BA elites.
Does Ryanair MyRyanair offer passkeys?#
No. Ryanair uses basic password login. Its "MyRyanair" platform is primarily a data-gathering tool rather than a traditional loyalty program.
Does easyJet Flight Club offer passkeys?#
No. easyJet's invitation-only Flight Club uses standard password authentication. No passkey plans have been announced.
Does Jet2 offer passkeys?#
No. Jet2 uses standard password login for its leisure-focused operations.
Does Wizz Air Discount Club offer passkeys?#
No. Wizz Air's subscription-based Discount Club uses standard password login.
Does TAP Air Portugal Miles&Go offer passkeys?#
No. TAP uses standard password authentication for its Miles&Go program.
Does Virgin Atlantic Flying Club offer passkeys?#
No. Virgin Atlantic - now a SkyTeam member - uses standard password login for its Flying Club program. No passkey plans have been announced.
Does Finnair Plus offer passkeys?#
No. Finnair recently adopted Avios as its loyalty currency but uses standard password authentication. No passkey support.
Does Pegasus Airlines BolBol offer passkeys?#
No. The Turkish LCC uses standard password login for its revenue-based BolBol program.
Does Emirates Skywards offer passkeys?#
No. Emirates relies on password + SMS OTP despite managing accounts holding substantial points value as a transfer partner for Amex, Chase, Capital One and Citi. No passkey plans have been announced.
Does Turkish Airlines Miles&Smiles offer passkeys?#
No. Turkish Airlines flies to more countries than any other airline - making the SMS roaming problem especially severe - yet relies on legacy IT infrastructure with basic password login.
Does Qatar Airways Privilege Club offer passkeys?#
No. Qatar Airways adopted Avios as its currency, linking it with British Airways, but uses standard password + SMS 2FA. No passkey support despite a highly international member base.
Does Etihad Guest offer passkeys?#
No. Etihad uses standard password login for its Etihad Guest program. No passkey plans have been announced.
Does China Southern Sky Pearl Club offer passkeys?#
No. China Southern - the largest Asian carrier by fleet - uses WeChat integration for domestic users but basic password login for its international-facing web platform.
Does Air China PhoenixMiles offer passkeys?#
No. Air China uses standard password login for its PhoenixMiles program.
Does China Eastern Eastern Miles offer passkeys?#
No. China Eastern uses standard password login. Western travelers find it difficult to engage with the program digitally.
Does Qantas Frequent Flyer offer passkeys?#
No. The Qantas program generates more profit than the airline's international operations, but authentication remains password-based with no passkey implementation.
Does Singapore Airlines KrisFlyer offer passkeys?#
No. KrisFlyer uses standard password + SMS 2FA. Its 36-month hard expiry policy combined with no passkey support creates friction for infrequent flyers trying to access their account.
Does ANA Mileage Club offer passkeys?#
No. ANA uses basic password authentication. The booking interface is widely considered archaic, and partner transfers can take days.
Does Korean Air Skypass offer passkeys?#
No. Korean Air uses standard password login. The program is in flux due to the pending merger with Asiana Airlines.
Does Cathay Pacific offer passkeys?#
Yes. Cathay Pacific implemented passkey authentication for its rebranded "Cathay" membership program, supporting biometric sign-in across web and app. This is particularly significant for a carrier whose member base spans dozens of countries in Asia-Pacific where roaming SMS failures are common.
Does Japan Airlines JAL Mileage Bank offer passkeys?#
No. As of February 2026, JAL doesn't support passkeys yet. However, they're actively working on their implementation as the screenshot above shows. Currently, they use standard password login for one of the few remaining distance-based programs.
Does China Airlines Dynasty Flyer offer passkeys?#
No. China Airlines uses standard password authentication for its Dynasty Flyer program.
Does Asiana Airlines Asiana Club offer passkeys?#
No. Asiana uses standard password login. The program's future is uncertain due to the pending Korean Air merger.
Does Thai Airways Royal Orchid Plus offer passkeys?#
No. Thai Airways uses standard password authentication for its Royal Orchid Plus program.
Does Air New Zealand Airpoints offer passkeys?#
Yes. Air New Zealand fully supports passkeys, allowing members to log in with Face ID or Touch ID. This positions it as a digital leader in the APAC region, setting a standard that larger carriers like Qantas and Singapore Airlines have yet to match.
Does IndiGo 6E Rewards offer passkeys?#
No. India's dominant LCC uses basic password login. Its rewards program is co-brand credit card driven rather than a traditional frequent flyer scheme.
Does EVA Air Infinity MileageLands offer passkeys?#
No. The Taiwan-based Star Alliance member uses standard password authentication.
Does Hainan Airlines Fortune Wings Club offer passkeys?#
No. Hainan Airlines uses standard password login for its Fortune Wings Club program.
Does Vietnam Airlines Lotusmiles offer passkeys?#
No. Vietnam Airlines uses standard password authentication for its growing SkyTeam-affiliated program.
Does Garuda Indonesia GarudaMiles offer passkeys?#
No. Garuda Indonesia uses standard password login.
Does El Al Matmid offer passkeys?#
No. El Al revamped its Matmid program in 2024 to be more revenue-based, but authentication remains standard password login.
Does LATAM Airlines LATAM Pass offer passkeys?#
No. LATAM - the dominant program in South America - uses standard password login. The program recently exited Oneworld and entered a joint venture with Delta.
Does Avianca LifeMiles offer passkeys?#
No. LifeMiles uses standard password authentication. The program is known for selling miles cheaply during promotions and offering Star Alliance first-class seats at deep discounts.
Does Aeromexico Club Premier offer passkeys?#
No. Aeromexico uses standard password login for its Club Premier program.
Does Azul TudoAzul offer passkeys?#
No. Azul uses standard password authentication for its Brazilian loyalty program.
Does Gol Smiles offer passkeys?#
No. Gol's separately traded Smiles program uses standard password login.
Does Copa Airlines ConnectMiles offer passkeys?#
No. Copa Airlines uses standard password authentication for its distance-based ConnectMiles program.
Does Volaris V.Club offer passkeys?#
No. Volaris uses standard password login for its subscription-based V.Club model.
4. Hotel Loyalty Programs#
Hotels face a "burn" fraud risk: attackers steal points to book stays for the same night, checking in before the victim notices. The primary strategic imperative for global hotel chains in 2025 is the "Book Direct" campaign - bypassing OTAs like Expedia and Booking.com to save on 15-20% commission fees. This makes frictionless authentication critical for driving direct bookings.
4.1 Overview of Hotel Adoption#
| Hotel Chain | Program | Hotels | Passkey Status |
|---|---|---|---|
| Marriott International | Bonvoy | 9,266 | ❌ Not yet available |
| Jin Jiang International | Jin Jiang Club / WeHotel | 14,311 | ❌ Not yet available |
| Hilton Worldwide | Honors | 8,342 | ❌ Not yet available |
| H World Group | H World Membership | 10,580 | ❌ Not yet available |
| IHG Hotels & Resorts | IHG One Rewards | 6,599 | ❌ Not yet available |
| Wyndham Hotels & Resorts | Wyndham Rewards | 9,286 | ❌ Not yet available |
| Accor | ALL - Accor Live Limitless | 5,682 | ❌ Not yet available |
| Choice Hotels | Choice Privileges | 7,586 | ❌ Not yet available |
| OYO Hotels | OYO Wizard | 20,667 | ❌ Not yet available |
| BTH Hotels (BTG) | BTG Homeinns | 6,910 | ❌ Not yet available |
| Hyatt Hotels Corp | World of Hyatt | N/A | ✅ Fully Implemented |
| Minor Hotels | GHA Discovery | N/A | ❌ Not yet available |
| G6 Hospitality | My6 | N/A | ❌ Not yet available |
| GreenTree | GreenTree Rewards | N/A | ❌ Not yet available |
| Meliá Hotels | MeliáRewards | N/A | ❌ Not yet available |
| Pan Pacific | Pan Pacific Discovery | N/A | ❌ Not yet available |
| Barceló Group | my Barceló | N/A | ❌ Not yet available |
| Dalata Hotel Group | Clayton/Maldron Rewards | N/A | ❌ Not yet available |
| Whitbread | Premier Inn (No points) | N/A | ❌ Not yet available |
4.2 Summary: Hotel Passkey Adoption#
Out of the top 20 hotel chains globally - controlling over 12 million rooms - only 1 chain (Hyatt) has fully implemented passkeys for consumer authentication. The three largest programs (Marriott Bonvoy, Jin Jiang Club, Hilton Honors) collectively manage over 4.3 million rooms and hundreds of millions of member accounts, all secured by legacy password/SMS methods.
Does Marriott Bonvoy offer passkeys?#
No. Note: Marriott uses "Passkey" (by Cvent) for group booking room block management - this is an unrelated product, not FIDO2 passkey authentication. Marriott's current MFA is a source of significant member frustration: changing an email or phone number triggers a 4-day lockout from 2FA codes and "Send Code" emails often never arrive.
Does Jin Jiang Club offer passkeys?#
No. Jin Jiang dominates China and owns Radisson Hotel Group internationally. WeChat-based loyalty is world-leading, but no FIDO2 support exists for international travelers using Radisson Rewards.
Does Hilton Honors offer passkeys?#
No. Despite offering advanced "Digital Key" technology (unlocking room doors via Bluetooth/NFC), app login remains legacy password-based. Users report "Something went wrong" errors and Digital Key sharing failures. Passkeys would bridge the gap: Authenticate to Phone → App Opens (Passkey) → Room Opens (Digital Key).
Does H World Group offer passkeys?#
No. Despite achieving 85% direct booking share - the highest in the industry - and sophisticated WeChat integration in China, H World does not support passkeys.
Does IHG One Rewards offer passkeys?#
No. IHG recently revamped its program with gamified "Milestone Rewards" and is expanding into luxury with Six Senses, but authentication remains standard password login.
Does Wyndham Rewards offer passkeys?#
No. Wyndham uses a simple flat-rate redemption model and has a partnership with Caesars Rewards, but no modern authentication.
Does Accor ALL offer passkeys?#
No. The European champion uses standard password login across all its brands (Raffles, Sofitel, Fairmont, Ibis, Mercure, Novotel). No passkey plans have been announced.
Does Choice Privileges offer passkeys?#
No. Choice Hotels focuses on the mid-scale market (Comfort Inn, Quality Inn, Cambria) and recently acquired Radisson Hotels Americas. Standard password login with no passkey plans announced.
Does OYO Wizard offer passkeys?#
No. OYO is a budget aggregator platform with a subscription-based loyalty model offering 5-10% discounts. Authentication is basic across its 20,000+ properties.
Does BTG Homeinns offer passkeys?#
No. The Chinese state-owned enterprise focuses on domestic business travel with standard password login.
Does World of Hyatt offer passkeys?#
Yes. Hyatt is a pioneer, supporting the full WebAuthn standard with both platform passkeys and hardware authenticators like YubiKeys. A case study on Hyatt's passwordless implementation describes how the chain uses these credentials for both guest accounts and internal staff. For "Globalist" members carrying hundreds of thousands of points, this provides the highest level of security against remote attackers.
Does Minor Hotels GHA Discovery offer passkeys?#
No. The Thailand-based resort and luxury group uses standard password authentication for its GHA Discovery program.
Does G6 Hospitality My6 offer passkeys?#
No. The economy-focused hotel chain uses standard password authentication for its My6 program.
Does GreenTree GreenTree Rewards offer passkeys?#
No. The Chinese franchised economy hotel chain uses standard password login for its GreenTree Rewards program.
Does Meliá MeliáRewards offer passkeys?#
No. The Spanish vacation and resort chain uses standard password login. No passkey plans have been announced.
Does Pan Pacific Pan Pacific Discovery offer passkeys?#
No. The Singapore-based pan-Asian luxury hotel group uses standard password authentication for its Pan Pacific Discovery program.
Does Barceló Group my Barceló offer passkeys?#
No. The Spanish leisure-focused hotel group uses standard password login for its my Barceló program.
Does Dalata Hotel Group Clayton/Maldron Rewards offer passkeys?#
No. The Ireland-based business and city hotel group uses standard password authentication for its Clayton and Maldron Rewards programs.
Does Whitbread Premier Inn offer passkeys?#
No. Whitbread notably does not operate a points-based loyalty program at all, relying on a "Business Booker" portal and consistent low pricing. Authentication is basic password login.
5. Retail & Coalition Loyalty#
Retail loyalty is high-volume, low-latency. The goal is to keep the user logged in to ensure they capture the points (and data) from every transaction. Unlike travel loyalty (low frequency, high value), retail loyalty relies on high-frequency, lower-value transactions.
For e-commerce specifically, check these dedicated analyses:
- Overview of e-commerce shops currently offering passkeys
- Analysis of e-commerce authentication
The following covers loyalty programs in food & beverage, home and pharmacy that are not part of the e-commerce analyses above.
5.1 Overview of Retail Adoption#
| Retailer | Program | Passkey Status |
|---|---|---|
| Starbucks | Starbucks Rewards | ❌ Not yet available |
| McDonald's | MyMcDonald's Rewards | ❌ Not yet available |
| Dunkin' | Dunkin' Rewards | ❌ Not yet available |
| IKEA | IKEA Family | ❌ Not yet available |
| CVS | ExtraCare | ❌ Not yet available |
| Walgreens | myWalgreens | ❌ Not yet available |
Does Starbucks Rewards offer passkeys?#
No. Despite holding billions in prepaid balances per its Rewards Terms of Use, Starbucks relies on passwords. A major program revamp launching March 2026 introduces new tiers (Green, Gold, Reserve) but includes no authentication upgrades. Starbucks accounts are frequently targeted because they hold cash value, leaving balances vulnerable to credential stuffing.
Does McDonald's MyMcDonald's Rewards offer passkeys?#
No. McDonald's has rolled out its rewards program globally with a simple points-for-food model and personalized push offers, but uses standard password login.
Does Dunkin' Rewards offer passkeys?#
No. Dunkin' rebranded from DD Perks to a tiered revenue-based model. Authentication remains password-based.
Does IKEA Family offer passkeys?#
No. IKEA Family has 110M+ members globally, making it one of the largest free loyalty programs. Login remains password-based.
Does CVS ExtraCare offer passkeys?#
No. CVS operates a coupon-heavy loyalty program with standard password authentication.
Does Walgreens myWalgreens offer passkeys?#
No. myWalgreens focuses on health goals (earning points for walking) and cash rewards. Standard password login.
6. Conclusion#
For the loyalty industry, passkeys are not just a security feature. They are a customer experience feature. In an industry defined by movement, the static nature of passwords and the geographic tether of SMS OTPs are archaic liabilities.
- Airlines must adopt passkeys to solve the roaming lockout issue. Of the top 50 carriers managing a combined $1+ trillion in revenue, only 2 (Air New Zealand and Cathay Pacific) support passkeys.
- Hotels must adopt them to stop "burn" fraud and streamline the app-to-room journey. Of the top 20 chains managing 12+ million rooms, only 1 (Hyatt) offers passkey support.
- Retailers must adopt them to maximize conversion speed. High-value programs like Starbucks (billions in stored value) and IKEA (110M+ members) remain fully exposed to credential stuffing.
The technology is mature, the standards are set and the market leaders (Hyatt, Amazon and Cathay Pacific) have already proven the ROI. The era of the password-protected frequent flyer account is ending.
Disclaimer: This report provides an analysis of the state of authentication as of February 2026. Implementation statuses (e.g. "Not yet available") are based on public documentation and testing and may change as companies roll out new features.
Share this article
Table of Contents
Related FAQs
Related Terms
Related Articles
