From passwords to passkeys: Entering a new era in cybersecurity

Note: This article is also featured in Fortune Magazine.

Phishing, a common tactic used by hackers to obtain access to sensitive information, is cited as a contributing factor in over 80% of all security breaches. Phishing occurs when malicious actors impersonate a legitimate entity to deceive people into providing personal information – typically via email, social media, text messages, or fake websites. Once the malicious actor has access to personal information tied to an account, such as a personal or business email account, they have a treasure trove of information with which to infiltrate additional accounts.

At the root of all phishing attacks are passwords, as they are the frontline for malicious actors to breach an account. While passwords have long been the go-to method for verifying identity online, they’re inherently insecure. Users are typically required to create complex strings of characters that they must remember and input correctly each time they access a system or application. However, this method has proven to be flawed in many ways. People tend to reuse passwords across multiple accounts and/or use easily guessable passwords, which gives hackers the ability to breach multiple accounts with a single password. Additionally, people can be easily tricked into sharing their passwords due to the sophistication of today’s phishing attacks where hackers are able to manipulate a fake website to appear legitimate. 

The solution to modern phishing attacks

Fortunately, there are methods to combat phishing, one of which is passwordless multi-factor authentication (MFA), which offers a highly secure and user-friendly approach. At its core, passwordless authentication eliminates the need for users to create and remember passwords altogether. Instead, it leverages alternative factors, such as biometrics or physical security keys, to verify a user’s identity. One of the key benefits of passwordless authentication is its ability to enhance security. Without passwords to steal or guess, attackers face a significantly higher barrier when attempting to gain unauthorized access to an account.

Physical security keys like the YubiKey serve as an easy-to-use, highly secure, phishing-resistant passwordless authentication method where users employ physical keys to verify their identity during the login process. Unlike passwords, which can be vulnerable to theft or compromise, YubiKeys provide a tangible form of security that is resistant to phishing attacks and other forms of cyber threats.

In addition to being highly secure, passwordless authentication can greatly simplify the user experience. By removing the need for users to remember complex passwords, it reduces the friction associated with logging in and eliminates the frustration of forgotten passwords. This can lead to increased user satisfaction and productivity, especially in enterprise environments where employees often juggle multiple accounts and passwords.

The future is passwordless with passkeys

Passkeys have taken the world by storm as the de facto authentication solution across apps and websites to replace passwords – helping both individuals and enterprises achieve this easily. Passkeys seamlessly authenticate users by using cryptographic security “keys” stored on their computer or device. They are considered a superior alternative to passwords since users are not required to recall or manually enter long sequences of characters that can be forgotten, stolen or intercepted.

The popularity of passkeys has exploded due to their adoption by the world’s largest tech companies – who collectively also happen to be the most used identity providers – as millions of users begin to make the shift. With passkeys, users can easily sign in to apps and websites with a biometric sensor (such as a fingerprint or facial recognition), PIN, or pattern, freeing them from having to remember and manage passwords.

Passkeys have been supported on YubiKeys since 2018 and provide an even higher level of security because they are device-bound (meaning they are stored within a physical hardware device, cannot be copied and are not tied to a specific vendor), unlike other forms of passkeys that are syncable (meaning they are stored in the cloud, are tied to a specific platform and can be copied across devices).

As we continue to navigate the ever-changing landscape of cybersecurity, embracing passwordless authentication will undoubtedly play a pivotal role in safeguarding our digital identities and securing the systems and services we rely on every day.
