From passwords to passkeys: Entering a new era in cybersecurity

Note: This article is also featured in Fortune Magazine.

Phishing, a common tactic used by hackers to obtain access to sensitive information, is cited as a contributing factor in over 80% of all security breaches. Phishing occurs when malicious actors impersonate a legitimate entity to deceive people into providing personal information – typically via email, social media, text messages, or fake websites. Once the malicious actor has access to personal information tied to an account, such as a personal or business email account, they have a treasure trove of information to continue infiltrating additional accounts.

At the root of all phishing attacks are passwords, as they are the frontline for malicious actors to breach an account. While passwords have long been the go-to method for verifying identity online, they’re inherently insecure. Users are typically required to create complex strings of characters that they must remember and input correctly each time they access a system or application. However, this method has proven to be flawed in many ways. People tend to reuse passwords across multiple accounts and/or use easily guessable passwords, which gives hackers the ability to breach multiple accounts with a single password. Additionally, people can be easily tricked into sharing their passwords due to the sophistication of today’s phishing attacks, where hackers are able to make a fake website appear legitimate.

The solution to today’s modern phishing attacks

Fortunately, there are methods to combat phishing, one of which is passwordless multi-factor authentication (MFA), which offers a highly secure and user-friendly approach. At its core, passwordless authentication eliminates the need for users to create and remember passwords altogether. Instead, it leverages alternative factors, such as biometrics or physical security keys, to verify a user’s identity. One of the key benefits of passwordless authentication is its ability to enhance security. Without passwords to steal or guess, attackers face a significantly higher barrier when attempting to gain unauthorized access to an account.

Physical security keys like the YubiKey serve as an easy-to-use, highly secure, phishing-resistant passwordless authentication method where users employ physical keys to verify their identity during the login process. Unlike passwords, which can be vulnerable to theft or compromise, YubiKeys provide a tangible form of security that is resistant to phishing attacks and other forms of cyber threats.

In addition to being highly secure, passwordless authentication can greatly simplify the user experience. By removing the need for users to remember complex passwords, it reduces the friction associated with logging in and eliminates the frustration of forgotten passwords. This can lead to increased user satisfaction and productivity, especially in enterprise environments where employees often juggle multiple accounts and passwords.

The future is passwordless with passkeys

Passkeys have taken the world by storm as the de facto authentication solution across apps and websites to replace passwords – helping both individuals and enterprises achieve this easily. Passkeys seamlessly authenticate users by using cryptographic security “keys” stored on their computer or device. They are considered a superior alternative to passwords since users are not required to recall or manually enter long sequences of characters that can be forgotten, stolen or intercepted.

The popularity of passkeys has exploded due to their widespread adoption by the world’s largest tech companies – who also happen to be the most used identity providers collectively – as millions of users begin to make the shift. With passkeys, users can easily sign in to apps and websites with a biometric sensor (such as a fingerprint or facial recognition), PIN, or pattern, freeing them from having to remember and manage passwords.

Passkeys have been supported on YubiKeys since 2018 and provide an even higher level of security as they are device-bound (meaning they are stored within a physical hardware device, cannot be copied and are not tied to a specific vendor), unlike other forms of passkeys that are syncable (meaning they are stored in the cloud, are tied to a specific platform and can be copied across devices).
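How a relying party can tell the two kinds of passkey apart, and why an assertion made for a look-alike site is rejected, is visible in the WebAuthn authenticator data that accompanies every passkey sign-in. The following is an added example, not code from this article or from Yubico; it parses only the fixed 37-byte header defined in the W3C Web Authentication specification, does not verify the signature, and uses a constructed sample with the assumed RP ID `example.com`.

```python
import hashlib
import struct

# WebAuthn authenticator data flag bits (W3C Web Authentication, Level 3)
FLAG_UP = 0x01  # user present
FLAG_UV = 0x04  # user verified (biometric or PIN)
FLAG_BE = 0x08  # backup eligible: credential may be synced across devices
FLAG_BS = 0x10  # backup state: credential is currently backed up


def inspect_authenticator_data(auth_data: bytes, expected_rp_id: str) -> dict:
    """Parse rpIdHash (32 bytes), flags (1 byte) and signCount (4 bytes)."""
    if len(auth_data) < 37:
        raise ValueError("authenticator data shorter than 37 bytes")
    rp_id_hash = auth_data[:32]
    flags = auth_data[32]
    (sign_count,) = struct.unpack(">I", auth_data[33:37])

    # The authenticator hashes the RP ID it was asked to sign for, so an
    # assertion produced on a look-alike domain carries a different hash.
    if rp_id_hash != hashlib.sha256(expected_rp_id.encode()).digest():
        raise ValueError("rpIdHash mismatch: assertion was made for another site")
    if (flags & FLAG_BS) and not (flags & FLAG_BE):
        raise ValueError("invalid flags: backed up but not backup eligible")

    return {
        "user_present": bool(flags & FLAG_UP),
        "user_verified": bool(flags & FLAG_UV),
        "kind": "syncable" if flags & FLAG_BE else "device-bound",
        "backed_up": bool(flags & FLAG_BS),
        "sign_count": sign_count,
    }


def build_sample(rp_id: str, flags: int, sign_count: int) -> bytes:
    """Constructed sample input, not captured from a real authenticator."""
    digest = hashlib.sha256(rp_id.encode()).digest()
    return digest + bytes([flags]) + struct.pack(">I", sign_count)


if __name__ == "__main__":
    hw_key = build_sample("example.com", FLAG_UP | FLAG_UV, 7)
    synced = build_sample("example.com", FLAG_UP | FLAG_UV | FLAG_BE | FLAG_BS, 0)
    print(inspect_authenticator_data(hw_key, "example.com"))
    print(inspect_authenticator_data(synced, "example.com"))
```

A relying party that requires device-bound credentials for high-value accounts can reject registrations where `kind` is `syncable`; the flags are only trustworthy once the assertion signature over this data has been verified.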

As we continue to navigate the ever-changing landscape of cybersecurity, embracing passwordless authentication will undoubtedly play a pivotal role in safeguarding our digital identities and securing the systems and services we rely on every day.
