Passwords out, passkeys in: The future of secure authentication
Why passkeys are the future of authentication
· TechRadarNews By Niall McConachie published 15 January 2025
Image credit: Shutterstock (Image credit: Shutterstock)
Since the inception of the internet, passwords have been the primary authentication factor to gain access to online accounts. Yubico’s recent Global State of Authentication survey of 20,000 employees found that 58 percent still use a username and password to login to personal accounts, with 54 percent using this login method to access work accounts.
This is despite the fact that 80 percent of breaches today are a result of stolen login credentials from attacks like phishing. Because of this, passwords are widely understood by security experts as the most insecure authentication method that leaves individuals, organizations and their employees around the world vulnerable to increasingly sophisticated modern cyber attacks like phishing.
In fact, even passwords which are considered ‘strong’ by websites – i.e., they contain more than a dozen characters comprising uppercase and lowercase letters, numbers, and symbols – can still be easily guessed or stolen by bad actors. Once they obtain the password, they can then bypass all legacy multi-factor authentication (MFA) systems and access individuals’ personal details with ease. Combined with the fact that people tend to reuse passwords across multiple accounts – which gives hackers the ability to breach multiple accounts with a single login – it becomes abundantly clear that passwords as an authentication method are flawed and extremely insecure in countless ways.
Surprisingly, there remains a lack of awareness regarding best practices for authentication: according to the same Yubico survey, 39 percent of individuals believe a username and password is the most secure form of authentication, while 37 percent consider mobile SMS one-time passcodes (OTPs) the most secure authentication method. While any form of MFA is superior to relying solely on a password, it’s important to recognize that not all MFA methods offer the same level of security. Traditional MFA techniques, including SMS-based OTPs and mobile authenticator applications, have significant vulnerabilities, with cyber criminals displaying an ability to easily circumvent these through phishing attacks.
As individuals and organizations become increasingly aware of the cyber risks associated with passwords and legacy MFA, enterprises have started to transition away from outdated authentication methods and move towards stronger, more cyber resilient technologies, in the form of phishing-resistant, passwordless solutions like passkeys.
Niall McConachie
Regional Director UK & Ireland at Yubico.
A passwordless future with passkeys
Understanding the risks that passwords bring, organizations and individuals around the world are looking for a solution that provides improved security and a better user experience. Passkeys have taken the world by storm as the de facto authentication solution across apps and websites to replace passwords – helping both individuals and enterprises achieve this easily. Passkeys seamlessly authenticate users by using cryptographic security “keys” stored on their computer or device. They are considered a superior alternative to passwords since users are not required to recall or manually enter long sequences of characters that can be forgotten, stolen or intercepted.
As passwordless-enabled FIDO credentials, passkeys deliver phishing resistance and accelerate a move away from problematic passwords that are easily breached. Passkeys are utilized for logging into applications and services efficiently and safely, thereby improving both productivity and online security. For example, passkeys require verification of possession as well as the user's physical presence during the login process, which effectively safeguards them from interception or theft by remote cyber criminals.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors