Phishing can be stopped with passkeys, you just have to try it.

LoginID
4 min readOct 3, 2024

--

User experience, and phishing resistance in one go.

In recent reports Invezz stated that phishing is on the rise by 215% for crypto trading in damages, while importantly, having fewer victims. This is in reality nothing new as over the last few years we have seen slow decline in phishing, but sharp increase in spear phishing, which is genuinely worrying. Let me explain why.

What is phishing?

Phishing is a type of online scam where someone tries to trick you into giving them your personal information, like passwords or credit card details. They often pretend to be a trusted organization, like your bank or a well-known company, by sending fake emails, messages, or websites that look real but are designed to steal your data.

Think of it this way: if an attacker can create a bank website that looks completely real and convinces you to enter your username, password, and even an SMS code, there’s nothing stopping them from taking over your account. This is a fundamental issue with the existing authentication methods, as they are not in any way phishing resistant.

Historically there were attempts at making phishing resistant authentication solutions, but all them had failed due to complexity in deployment, or bad user experience.

The Rise of Spear Phishing: A Growing Threat

Spear phishing is a more targeted form of phishing, where attackers research individuals to craft personalized, credible emails. These messages often imitate trusted people, using specific details to deceive high-value targets like executives or IT admins, leading to severe breaches.

The threat has grown with deepfakes and large language models (LLMs). Deepfakes allow attackers to convincingly mimic voices or appearances, while LLMs create sophisticated, automated, personalised messages. You may spent months talking to a bot, have your guard slowly lowered. This makes spear phishing highly effective.

Passkeys for the win!

Passkeys are the ultimate solution for phishing-resistant authentication. They use public key cryptography to keep your login credentials secure, and they’re bound to the specific website where they were created. Here’s how it works:

Imagine John, a regular consumer, wants to buy a new phone from “example.com.” When he creates an account, he typically sets up a password. But if an attacker creates a fake website, “evil.com,” they could trick John into entering his password, giving them access to his account.

With passkeys, instead of creating a password, John generates a passkey, which is specifically linked to “example.com.” If an attacker tries to trick John logging into “evil.com,” the passkey won’t work because it’s tied only to “example.com,” making phishing attacks ineffective.

Here are some other things passkeys are great at:

1. Phishing Protection: Since passkeys don’t require you to type or send a password, phishing attacks (where attackers trick you into giving them your password) are much harder. You can’t be tricked into giving away something you never type.

2. Outstanding user experience: Passkeys have the best authentication experience in all authentication options.

3. Cross device just works: No need to worry about hideous re-authentication. Once created passkey on one device, it will work seamlessly on all other devices within same ecosystem. I.e. Register on iPad, login on iPhone.

4. Simplified account recovery: Users would have less issue with account recovery, as they only need to get access to their platform account. Once they recovered the access to their iPhone, or Android phone, they are back in business.

Passkeys make logging in easier and more secure by combining strong cryptography with user-friendly authentication methods like biometrics or device verification.

LoginID for the win.

LoginID’s focus on passkeys directly addresses the phishing problem, making it nearly impossible for attackers to intercept credentials or trick users. By replacing passwords with biometric-based authentication, LoginID improves both security and the overall user experience — users no longer need to remember passwords or worry about phishing attempts.

Transactions become seamless and trustworthy, creating confidence for both consumers and businesses. Our expert team has designed LoginID to integrate effortlessly into various platforms, ensuring security is built into every user interaction without compromising convenience.

Interested to try? Schedule demo by emailing sales@loginid.io

https://loginid.io/

--

--

LoginID

LoginID is a comprehensive Passkeys + FIDO-based multi factor authentication solution that offers frictionless biometric authentication at low cost.