Passkeys emerge as a more secure alternative to passwords
Updated
Updated · PCMag · May 7
Passkeys emerge as a more secure alternative to passwords
13 articles · Updated · PCMag · May 7
Security researcher Trevor Hilligoss said passkeys resist phishing and server-breach theft, but malware can still hijack authenticated browser cookies to access accounts.
Passkeys use a public key stored by a site and a private key kept on a device, password manager or iCloud Keychain, removing the need for a username-password login.
Adoption remains uneven and recovery can be difficult if a device is lost, though many services offer email, SMS or another logged-in device for backup verification.
With 5 billion passkeys active, is the next security race about protecting session cookies, not just login credentials?
As AI agents begin using passkeys, how will we prevent them from becoming the next major target for sophisticated hackers?
A new technology called DBSC stops cookie theft. How long until this critical protection becomes a standard for all websites?
2026 Tipping Point: How Passkeys Are Replacing Passwords for Over 8 Billion Accounts
Overview
In 2026, passkeys have become the mainstream authentication standard, driven by aggressive rollouts from tech giants like Microsoft and strong regulatory mandates worldwide. Over 5 billion passkeys are actively used, with 87% of enterprises adopting them early in the year. This rapid shift is fueled by escalating data breaches exposing password vulnerabilities and the clear security and user experience benefits passkeys provide, including higher sign-in success and reduced credential attacks. The FIDO Alliance’s coordinated efforts have created a mature ecosystem, supported by widespread industry commitment. Despite challenges like device loss and session hijacking risks, organizations are integrating adaptive security measures to ensure a safer, passwordless future.