“Traditional passwords are fundamentally flawed and increasingly vulnerable to compromise – a major concern given they are still the most commonly used authentication method, leaving users highly susceptible to cyber attacks like phishing. This reality is even more alarming amid the increasing sophistication and evolution of AI-powered threats. Cyber criminals are no longer simply using AI to write phishing emails; they are deploying autonomous agents that can plan, reason and execute multi-stage attacks without human oversight.

“In response to the evolving threat landscape, users must move away from passwords towards stronger, more resilient technologies. The clear successor is the passkey, which is now the gold standard for secure, modern authentication in a digital world. This shift is gaining momentum globally and is being embraced across industries. For example, the UK Government is already in the process of adopting passkeys for its digital services, citing the superior security and protection they provide.

“In its most secure form, a passkey is device-bound – it is not a secret that staff must remember (like a password), but a physical token they possess – such as a hardware security key. The passkey is stored on the physical device and is resistant to phishing because it cannot be intercepted or stolen by remote attackers, meaning only the key holder can gain access to their accounts. They also manage logins across all users’ platforms and devices – meaning attackers can’t use AI to get around the wall of defence the physical key provides.

“With phishing-resistant multi-factor authentication (MFA) available to all, there’s no need to continue using insufficient authentication methods like passwords to keep online accounts secure. This World Passkey Day, it’s time for the widespread use of hardware-backed passkeys to take off and for passwords to be left in the past.”