The FIDO Alliance is an open industry association launched in 2013 whose mission is to develop and promote authentication standards that help reduce the world’s over-reliance on passwords. Yubico has pioneered the development of FIDO authentication standards that the FIDO Alliance has adopted, working to make the internet safer for all. First published in 2022, the FIDO Alliance Design Guidelines offer data-backed recommendations for designers, engineers, product managers, content strategists, and UX researchers to guide the implementation and expansion of passkey support.
In late May, the alliance released significant updates, which include research on passkey management and on integrating different passkey types, such as synced and device-bound passkeys. Research shows that prominently displaying passkey options within user account settings, alongside other authentication methods, and maintaining consistent styling across platforms with clear messaging effectively motivate users to create and use various passkey types. This approach maximizes adoption as users are more receptive to security actions.
The guidelines emphasize offering a choice between synced and device-bound passkeys (e.g., FIDO security keys like YubiKeys) for flexibility and enhanced security. A unified passkey management UI under “Passkeys” simplifies user interaction.
The guidelines also align with the long-term direction of passkeys. Highlights from additional FIDO research in 2024 show consumer passkey awareness and adoption are on the rise. A majority believe passkeys are more secure (61%) and more convenient than passwords (58%).
Phishing-resistant users: The future of passwordless security
Cybersecurity is designed by people, for people, and can be exploited by people. This is where the concept of a phishing-resistant user comes into focus – it is central in modern cybersecurity, focusing on the human element. With recent advancements in passwordless – and new on-device authentication solutions – the way an organization can establish and manage a user’s identity credential throughout its lifecycle has evolved to address these increasing challenges. In order to truly prevent phishing attacks, organizations must do more than just invest in phishing-resistant authentication – they must instead focus on enabling phishing-resistant users through modern authentication technology.
With awareness of passkeys as a phishing-resistant authentication method on the rise, the focus naturally shifts to the people actually using the technology. As modern and affordable devices proliferate, individuals use personal devices for work emails and work devices for personal tasks. For example, people often possess multiple devices (smartphones, laptops, tablets) across different platforms (Apple, Google, Microsoft), split between personal and professional use.
Combining all passkey types in the same interface makes it quick and intuitive to register on a primary device. With research showing that changing behavior requires understanding and motivation, educating users about passkeys within settings can shape attitudes and encourage registration. People need to comprehend and apply advice and must be willing to change their attitudes and intentions. Introducing passkeys in relevant settings helps users adopt them, providing context and increasing engagement.
The YubiKey offers high assurance, high security and convenience: as a single-device (device-bound) passkey, it lets you simply plug in your YubiKey, enter a PIN and touch to authenticate, even if you registered on a different device or platform. Your cyber resilience starts with the YubiKey for robust and accessible cybersecurity that delivers phishing-resistant users.
For more information on the new FIDO Alliance Design Guidelines, visit the FIDO Alliance website. Ensure the highest security and convenience for your digital accounts with YubiKey and become a phishing-resistant user today – it’s never been easier, with the ability to store up to 100 passkey credentials with the latest YubiKey updates. Visit our store for more information and to purchase keys for your organization.