Technology Record - Issue 38: Autumn 2025

INTERVIEW

Why physical security keys matter

Physical keys are essential for security, privacy and operational control, delivering phishing-resistant authentication across high-risk environments while complementing broader access strategies. Jonathan Hanlon tells us more

BY ALICE CHAMBERS

Phishing is the most common type of cybersecurity attack, according to the National Cyber Security Centre and the US Government Accountability Office. Software passkeys provide a convenient way for many organisations to protect their data and assets, but physical keys provide unmatched security, privacy and operational reliability.

Unlike software passkeys, YubiKeys provide physical proof of presence and deliver the highest assurance phishing-resistant authentication, ensuring that only authorised users can access sensitive systems – no matter how sophisticated the threat.

“With software-stored secrets, there’s an exploit risk with malware, phishing kits and operating systems,” explains Jonathan Hanlon, senior partner marketing manager at Yubico. “YubiKeys operate outside of the host environment and are immune to these threats. For regulated sectors or high-risk roles, this physical boundary represents a gold standard for phishing resistance. By reducing reliance on cloud syncing and local storage – common dependencies of software-bound passkeys – organisations shrink their attack surface and establish a clean, auditable trust anchor in YubiKeys.”

This is critical in high-stakes environments where a single compromised credential could have serious consequences, such as unauthorised access to sensitive data, financial loss or disruption of critical operations.

“Many built-in security features are tied to the assumptions and architecture of the platforms they run on,” says Hanlon. “YubiKeys operate independently. As purpose-built hardware credentials, they deliver consistent protection across environments – without relying on the integrity of any single system. That autonomy helps organisations streamline deployment, maintain flexibility, and strengthen their overall security posture.”

In practice, this means IT departments gain a portable root of trust that is tamper-resistant by design, allowing organisations to manage authentication on their own terms without relying on opaque firmware updates or platform-specific policies.

The security benefits of hardware-bound passkeys extend beyond platform neutrality to phishing resistance. “Hardware passkeys rely on origin binding and cryptographic challenge-response, meaning they only authenticate the correct site when intended, without ever revealing secrets,” says Hanlon.

Privacy is another critical differentiator. Cloud-synced credentials create metadata footprints, but hardware-bound passkeys do not generate centralised logs or telemetry. “End users retain full custody of their authentication secrets, which is ideal for sectors like healthcare, government and finance,” says Hanlon. “Hardware passkeys aren’t just private by design; they’re also easy to explain, audit and
