Death to one-time text codes: Passkeys are the new hotness in MFA

www.theregister.com/2025/12/0…

Using someone’s legitimate account credentials is a much more effective avenue for crims than finding a security hole to exploit. Microsoft’s latest Digital Defense Report puts identity as the top attack vector.

Using MFA of any kind is the main way to stave off identity attacks, but what you really want is a method that can stand up to phishing.

“Phishing-resistant MFA is the gold standard for security,” according to Microsoft’s threat intel team. “No matter how much the cyber threat landscape changes, multifactor authentication still blocks over 99 percent of unauthorized access attempts, making it the single most important security measure an organization can implement.”

Passkeys are typically what security folks mean when they say “phishing-resistant MFA.” They replace passwords, and instead use cryptographic key pairs with the public key stored on the server and the private key – such as the user’s face, fingerprints, or PIN – stored on the user’s device.

Edward Kiledjian @ekiledjian
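An added illustration, not code from the article or from Microsoft: a simplified model of the key-pair login described above, showing why a signed response bound to the site's origin is useless to a look-alike site. The function names, the `https://login.example` origin and the JSON message layout are assumptions made for this sketch; real WebAuthn uses a different wire format, and real authenticators additionally scope each credential to the relying party.

```javascript
const nodeCrypto = require('node:crypto');

// Registration: the device creates a key pair for one site.
// The server keeps only the public key; the private key stays on the device.
function registerPasskey(origin) {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    serverRecord: { origin, publicKey },
    authenticator: { privateKey },
  };
}

// Server issues a fresh random challenge for every login attempt.
function newChallenge() {
  return nodeCrypto.randomBytes(32).toString('hex');
}

// Device side: sign the challenge together with the origin the browser is
// actually on. The user never types or sees a secret that could be relayed.
function signAssertion(authenticator, seenOrigin, challenge) {
  const clientData = JSON.stringify({ origin: seenOrigin, challenge });
  const signature =
    nodeCrypto.sign('sha256', Buffer.from(clientData), authenticator.privateKey);
  return { clientData, signature };
}

// Server side: accept only a valid signature over *this* origin and *this* challenge.
function verifyAssertion(serverRecord, expectedChallenge, assertion) {
  let data;
  try { data = JSON.parse(assertion.clientData); } catch { return false; }
  if (data.origin !== serverRecord.origin) return false;   // signed for another site
  if (data.challenge !== expectedChallenge) return false;  // stale or replayed response
  return nodeCrypto.verify('sha256', Buffer.from(assertion.clientData),
                           serverRecord.publicKey, assertion.signature);
}

// Constructed scenario: one genuine login, one response produced on a look-alike origin.
function demo() {
  const site = 'https://login.example';               // assumed origin
  const { serverRecord, authenticator } = registerPasskey(site);
  const challenge = newChallenge();
  const genuine = signAssertion(authenticator, site, challenge);
  const lookalike = signAssertion(authenticator, 'https://login.example.invalid', challenge);
  return {
    genuine: verifyAssertion(serverRecord, challenge, genuine),
    lookalike: verifyAssertion(serverRecord, challenge, lookalike),
    replayed: verifyAssertion(serverRecord, newChallenge(), genuine),
  };
}

console.log(demo()); // { genuine: true, lookalike: false, replayed: false }
```

A one-time text code carries no such binding: the server cannot tell which site the user typed it into, which is the gap the origin check closes.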