From passwords to passkeys: Entering a new era in cybersecurity

Note: This article is also featured in Fortune Magazine here.

Phishing, a common tactic used by hackers to obtain access to sensitive information, is accredited as a contributing factor in over 80% of all security breaches. Phishing occurs when malicious actors impersonate a legitimate entity to deceive people into providing personal information  – typically via email, social media, text messages, or fake websites. Once the malicious actor has access to personal information tied to an account such as a personal or business email account, they have a treasure trove of information to continue infiltrating into additional accounts.

At the root of all phishing attacks are passwords, as they are the frontline for malicious actors to breach an account. While passwords have long been the go-to method for verifying identity online, they’re inherently insecure. Users are typically required to create complex strings of characters that they must remember and input correctly each time they access a system or application. However, this method has proven to be flawed in many ways. People tend to reuse passwords across multiple accounts and/or use easily guessable passwords, which gives hackers the ability to breach multiple accounts with a single password. Additionally, people can be easily tricked into sharing their passwords due to the sophistication of today’s phishing attacks where hackers are able to manipulate a fake website to appear legitimate. 

The solution to today’s modern phishing attacks

Fortunately, there are methods to combat phishing, one of which is passwordless multi-factor authentication (MFA) which offers a highly secure and user-friendly approach. At its core, passwordless authentication eliminates the need for users to create and remember passwords altogether. Instead, it leverages alternative factors, such as biometrics or physical security keys to verify a user’s identity. One of the key benefits of passwordless authentication is its ability to enhance security. Without passwords to steal or guess, attackers face a significantly higher barrier when attempting to gain unauthorized access to an account. 

Physical security keys like the YubiKey serve as an easy-to-use, highly secure, phishing-resistant passwordless authentication method where users employ physical keys to verify their identity during the login process. Unlike passwords, which can be vulnerable to theft or compromise, YubiKeys provide a tangible form of security that is resistant to phishing attacks and other forms of cyber threats.

In addition to being highly secure, passwordless authentication can greatly simplify the user experience. By removing the need for users to remember complex passwords, it reduces the friction associated with logging in and eliminates the frustration of forgotten passwords. This can lead to increased user satisfaction and productivity, especially in enterprise environments where employees often juggle multiple accounts and passwords.

The future is passwordless with passkeys

Passkeys have taken the world by storm as the de facto authentication solution across apps and websites to replace passwords – helping both individuals and enterprises achieve this easily. Passkeys seamlessly authenticate users by using cryptographic security “keys” stored on their computer or device. They are considered a superior alternative to passwords since users are not required to recall or manually enter long sequences of characters that can be forgotten, stolen or intercepted.

The increasing popularity and adoption of passkeys have exploded due to their widespread adoption by the world’s largest tech companies – who also happen to be the most used identity providers collectively – as millions of users begin to make the shift. With passkeys, users can easily sign in to apps and websites with a biometric sensor (such as a fingerprint or facial recognition), PIN, or pattern, freeing them from having to remember and manage passwords. 

Passkeys have been supported on YubiKeys since 2018 and provide an even higher level of security as they are device-bound (meaning they are stored within a physical hardware device, cannot be copied and are not tied to a specific vendor) vs. other forms of passkeys that are syncable (meaning they are stored in the cloud, which are tied to a specific platform and can be copied across devices).

As we continue to navigate the ever-changing landscape of cybersecurity, embracing passwordless authentication will undoubtedly play a pivotal role in safeguarding our digital identities and securing the systems and services we rely on every day.

Talk to our teamTalk to our team

Share this article:


  • Introducing the Yubico Academy: Enabling partners for a phishing-resistant futureAt Yubico, strong partnerships are fundamental to a more secure digital world. Our commitment goes beyond providing leading security keys; it’s about actively fostering the growth of our valued partners through impactful enablement programs. A cornerstone is the Yubico Academy, featuring our comprehensive certification program.  This program enables our partners’ teams to become Yubico experts, […]Read more
  • AI is booming — but proving you’re human matters more than everIf you walked the show floor at the RSA Conference this year, you probably noticed the same thing I did: Artificial Intelligence (AI) is everywhere. Agentic AI. AI in threat detection. AI in firewalls. AI in identity management. AI-generated demos. AI everything. The energy around AI was undeniable, and we’re seeing real innovation, efficiency gains […]Read moreAIArtificial IntelligencephishingRSAC
  • Ditching passwords for good: Celebrating the inaugural World Passkey DayHave you ever been stuck in a relationship with someone who constantly lets you down, exposes your secrets, and leaves you vulnerable? Odds are you cut your losses, packed up your things and moved on. Today is the day to do the same with your passwords: say goodbye forever! The reality is a majority of […]Read morepasskeyspasswordlessWorld Passkey Day
  • Digital security’s unique role in protecting our environmentAs sustainability expands to include social, economic, and technological challenges, cybersecurity has emerged as a top global threat – with cybercrime projected to cost $12 trillion this year. Stolen credentials and phishing account for 80% of breaches. At Yubico, making the world more secure is just part of how we care for the world around […]Read moreCSREarth DaySecure It ForwardSustainability