Yubico’s perspective and resource guide to passkeys 101

Derek Hanson

Derek Hanson

2 minute read

There has been a lot of information lately about the new ‘password-killing’ solution, the passkey. As we’ve discussed in previous posts on the topic, passkeys are a new industry term to make existing technology standards approachable to users. Passkeys are discoverable FIDO credentials that enable users to authenticate to websites without a password. Two types of discoverable FIDO credentials enable passwordless authentication; copyable or hardware bound.

Copyable passkeys can be synced across smartphones, tablets, and laptops/desktops and are primarily meant for consumer scenarios to help them move away from phishing-prone passwords. By contrast, hardware-bound passkeys – where the FIDO credential stays on the portable authenticator (such as a YubiKey) – are a benefit for enterprises and high assurance consumers, or just high assurance use cases. 

While copyable passkeys are new to the scene, hardware-bound passkey use cases have been supported by both the YubiKey 5 Series and Security Key Series since we launched them in 2018.

Early demos of copyable passkey solutions show how the passkey is not bound to the physical authenticator, but may be copied to the user’s profile in the user’s cloud account. Ultimately, passkeys enable new user experiences and drive adoption of FIDO authentication, but copyable passkeys represent another trade-off between security and usability. Decision makers will have to choose whether they want to accept these trade-offs, including a gradient of security considerations. 

(image courtesy of @vibronet via Identiverse)

Yubico’s passkey resources
We will continue to share important information so you can understand passkeys further.  Our goal is to inform you so that you can make critical decisions for your business moving forward:

What’s next

We are actively working on developing additional content detailing important passkey takeaways specifically for enterprises and developers who are looking for more information on what passkeys are and how to use them. We plan to publish this content in the coming weeks and months and will update this post with future content as available. Be sure to check back for the latest answers to any passkey questions you may have.

, , , ,
Talk to our teamTalk to our team

Share this article:
  • Works with YubiKey Spotlight: Passkeys are here – are you ready?With 2025 at its midpoint, enterprises worldwide are grappling with how to protect their users and data against emerging challenges around user security. Since 2022, generative AI has fueled a 4,000% surge in phishing – exploiting human vulnerability in 68% of breaches. It’s no longer a question – the world has a password problem that […]Read morepartnerspasskeysWorks with YubiKeywwyk
  • Yubico LogoYubico liefert PIN-Verbesserungen mit dem neuen YubiKey 5 – Verbesserte PIN-SchlüsselUm sich auf die sich ständig weiterentwickelnden Cyber-Bedrohungen vorzubereiten, passen Regierungen weltweit die Authentifizierungsanforderungen für Online-Dienste an und aktualisieren sie, was direkte Auswirkungen auf viele Unternehmen und deren Mitarbeiter hat. Zwar gibt es derzeit keine universelle Regelung für eine robustere Multi-Faktor-Authentifizierung (MFA), doch wird deren Notwendigkeit in einer Reihe von Anforderungen hervorgehoben, darunter PSD2, DSGVO […]Read moreYubiKey
  • Yubico delivers PIN advancements with new YubiKey 5 – Enhanced PIN keysTo prepare for continuously evolving cyber threats, governments around the world are adapting and updating authentication requirements for online services which directly impact thousands of organizations and their employees. While there’s currently no universal regulation for more robust multi-factor authentication (MFA), the need is highlighted across a range of requirements including PSD2, GDPR, and the […]Read moreCompany NewsProduct NewsYubiKeyYubiKey 5 – Enhanced PINYubiKey 5 SeriesYubiKey as a Service
  • An inside look at Yubico’s transition to passwordlessBefore “passkey” became a familiar term in our industry, Yubico had long delivered hardware-backed and phishing-resistant FIDO2 based authentication. Today, the adoption of passkey usage is accelerating. However, it’s taken quite a bit longer to integrate passwordless authentication into the everyday, enterprise-grade authentication flows that are required for today’s businesses.  As long as it’s been […]Read moreOktapasswordless