The low barrier of entry for cybercriminals demands new solutions.
Your phone, computer, and tablet are now at risk: the nightmare of AI-powered attacks has become a reality. Experts from Symantec and Cofense are warning of the rising threat, and recently Guardio confirmed that with the advent of generative AI, even a complete beginner can create a sophisticated phishing campaign in minutes — no programming skills required.
Microsoft confirms: artificial intelligence has lowered the technical threshold for fraudsters and cybercriminals. Generative models make it quick and cheap to create convincing malicious content, and AI-based attacks are now being recorded worldwide.
Clearly, new security measures are needed. In fact, we already have them — but most users still haven’t updated their accounts the way they should. Microsoft wants to change that.
The company states that “the password era is coming to an end”: attackers are increasingly targeting passwords, and Microsoft is already blocking about 7,000 such attempts every second — nearly twice as many as a year ago. But at the same time, we now have a better defense: the passkey.
A passkey is a modern replacement for passwords and even two-factor authentication codes. Authentication is tied to the security of your device: without your phone, tablet, or computer, an attacker simply can’t access your account. A passkey cannot be stolen, copied, or intercepted — it’s the digital equivalent of a physical key, both simple and secure.
Of course, using passkeys won’t save you from a well-crafted phishing email asking you to click a malicious link. But even if you do click and land on a fake website, it won’t be able to request your passkey — only outdated login info, password, or 2FA code, which you’ve already replaced.
Google also recommends switching to passkeys, although it still offers traditional passwords as a backup option for now. Microsoft, on the other hand, believes having both methods keeps phishing risks alive and intends to phase out passwords entirely: over one billion accounts have already switched to phishing-resistant passkeys, and the company is pushing the rest of the market to follow suit.
Activating a passkey is very simple: in your personal Microsoft account, go to the security settings, choose to add a new sign-in method, and follow the instructions on your device. For work and school accounts, the process is similar — just with slightly different steps in the “Sign-in Info” section.
Virtually all major platforms and services already support passkey authentication. Replace your old passwords with unique ones (preferably using a password manager), enable the most secure form of two-factor authentication, and use passkeys whenever possible. If you ever have to fall back to using a password, only do so if you're absolutely certain the login page is legitimate.
According to Andrew Shikiar, head of the FIDO Alliance, abandoning passwords is a major step forward. More than a billion users are gaining an easy and secure way to protect their data — one that’s resistant even to the most sophisticated phishing attacks.
