World Passkey Day 2025: Leaving Passwords in the Past – Yubico Comments

Cybersecurity
30.04.2025 02:55 pm

1st May has traditionally been known as World Password Day. However, this year Yubico is calling for stricter regulations on protecting accounts and an end to relying on passwords to protect valuable information. That’s why on 1st May 2025 the company is celebrating World Passkey Day with the FIDO Alliance in an effort to put an end to password use globally, and encourage widespread adoption of more secure, modern authentication methods.

Much to the dismay of cybersecurity experts, passwords are still the most commonly used authentication method – leaving users highly susceptible to cyber attacks like phishing. While the UK government introduced regulations designed to protect consumers against hacking and cyber attacks over a year ago, these standards are not stringent enough – only eradicating common or easily guessable passwords rather than eliminating passwords altogether.

This World Passkey Day, Niall McConachie, regional director (UK & Ireland) at Yubico, explains the issue with passwords and how, by embracing passwordless multi-factor authentication (MFA), users can better protect themselves and their data:

“Despite widespread calls for passwords to be left in the past, we are still subjected to the lack of protection this outdated and insufficient security method provides – even in 2025. In short, passwords are just not good enough to protect our most important personal details and secure our online presence.

“Passwords are not only easy to forget, but also easy to guess – even the strongest ones can be easily targeted and intercepted for phishing attacks. Once a password is stolen, cyber criminals can effortlessly circumvent legacy forms of MFA, such as SMS-based authentication like on-time passcodes (OTPs). Therefore, the most secure option is to remove passwords altogether and instead opt for phishing-resistant authentication methods like passkeys.

“Using passkeys ensures that individuals' accounts cannot be compromised, even in the event of a phishing attack. Passkey options like physical security keys are the most secure option for protecting employee accounts since they can't be shared, intercepted or stolen by remote attackers – meaning only the key holder can gain access to their accounts.

“With phishing-resistant MFA available to all, there’s no need to continue using insufficient authentication methods like passwords to keep online accounts secure. There are truly secure options available, which won’t leave users constantly worried that their credentials have been compromised. This World Passkey Day, it’s time for the widespread use of passkeys to take off and for passwords to be left in the past once and for all.”