This fourth blog in a five-part series that explores the current state of passkeys and why enhanced implementations, what we call Passkeys+, are essential for meeting the security and compliance demands of

For decades, passwords were the default key to the digital world. Easy to implement and familiar to users, they offered convenience, but at a steep cost. As our digital footprints grew, passwords became both a security liability and a user burden. Complex requirements, frequent resets, and rampant reuse opened the floodgates to breaches, phishing attacks, and endless frustration.

In this episode of Smart Friends, Toby Rush shares the rollercoaster journey behind four startups and a nine-figure exit. From childhood influences to strategic sabbaticals, the conversation dives deep into the motivations behind serial entrepreneurship. Toby also unpacks the thinking behind his newest venture, Ideem, and how it’s aiming to make 2FA obsolete by bringing passkey-level security to payments and identity verification—without friction.

Let’s be honest, most two-factor authentication (2FA) methods are kind of a pain. Whether it’s scrambling to find your phone, entering a one-time code, or figuring out how to register a passkey, the process usually asks something of you. That’s fine for tech-savvy users. But what about everyone else?

Europe’s digital payments landscape is evolving—again. With the introduction of PSD3 and its companion regulation (PSR), the European Union is not only responding to rising fraud but also setting the stage for a more secure and inclusive financial future. At the heart of this shift lies a reimagining of Strong Customer Authentication (SCA) and the role that modern, passwordless solutions like passkeys might play in it.

When the internet exploded into a marketplace, battlefield, and everything in between, one of the biggest challenges became identity. How do you tell the difference between a legitimate user and a fraudster, especially when both show up from the same IP range, use the same browser, or even share similar behavior patterns?

For businesses operating online, getting a customer to the checkout page is hard enough. But getting them past it? That’s where payment acceptance becomes make-or-break.

In the ongoing battle against fraud and digital identity theft, Strong Customer Authentication (SCA) has emerged as a critical safeguard. Mandated in regions like the EU under the PSD2 directive and gaining traction globally, SCA aims to ensure that users are who they say they are before transactions are approved or sensitive information is accessed.

The future of checkout is fast, secure, and invisible. Passkeys are changing the way we log in, replacing clunky passwords with cryptographic credentials that are easier for users and harder for attackers to exploit. But when it comes to one-click checkout, relying on a single factor—even a passkey—isn’t always enough to ensure the transaction is legitimate. That’s where Ideem comes in.

One-click checkout should feel fast, effortless, and secure. Many platforms try to deliver this by leaning on device fingerprinting to recognize returning users. On paper, it seems efficient. But in practice, it introduces risk, friction, and a fragile trust model that simply cannot scale.