Google and Microsoft are urging users to abandon traditional passwords in favor of passkeys, which are digital credentials that allow access without the need for usernames and passwords.

Passkeys can be unlocked using biometrics, such as fingerprint or facial recognition, or through PIN/pattern methods, significantly enhancing security compared to conventional passwords.

These passkeys enhance security by utilizing device security for account access, effectively eliminating the risk of password theft or breaches, and are regarded as 'phishing resistant'.

The emergence of GenAI tools has led to more effective phishing strategies, making it crucial for users to transition to passkeys and avoid relying solely on passwords or SMS-based two-factor authentication.

Experts have deemed traditional two-factor authentication inadequate in protecting against these advanced phishing techniques.

Okta reports that threat actors are exploiting a new GenAI tool named v0 to create sophisticated phishing sites that closely mimic legitimate sign-in pages, marking a significant evolution in phishing tactics.

The v0.dev platform enables users to generate web interfaces using natural language prompts, facilitating the rapid creation of phishing sites.

In light of these developments, Okta emphasizes the need for organizations to adapt their security measures in response to the increasing use of AI-driven social engineering and credential harvesting attacks.

The rise of AI-generated phishing sites means that traditional warning signs, such as spelling or grammatical errors, may no longer be reliable indicators of scams.

Experts recommend using passkeys wherever possible and ensuring that any necessary passwords are unique, long, and supplemented with robust non-SMS two-factor authentication.

Users are advised to secure their accounts with long, unique passwords where needed, and to utilize authenticator apps for two-factor authentication, as they provide a better security alternative compared to SMS codes.

As Microsoft phases out passwords for over a billion users, it underscores the urgency for individuals to adopt passkeys to enhance their security.