Recently, I had the opportunity to attend a webinar by Yubico called When Cyber Threats Feel Human: The 2026 Identity Wake-Up Call which explored the evolving nature of AI-based threats and how phishing attacks are becoming more convincing.
So, who is Yubico, and what the heck is a YubiKey?
Yubico is a cybersecurity company that invented the YubiKey, a hardware-based authentication key, to prevent phishing attacks and account takeovers.
When a website offers 2FA, it usually sends you a one-time password in email, or text message. a Yubikey is a physical 2FA, you plug it into your device and unlock your 2FA. Pretty much a physical key in a digital world.
Yubico’s 2025 Survey
Now that we’ve gotten that out of the way, let’s talk about the webinar. Yubico recently ran a survey across nine countries, surveying over 18,000 employed adults.
The survey revealed the following:
- 74% of employees admit that company-offered security options are not very secure.
- 40% of employees report never receiving cybersecurity training.
- 62% of employees still rely on a username and password.
- 41% place their trust in vulnerable SMS-based authentication.
Phishing attempts and other cyber threats are becoming harder and harder to spot each day, especially given how advanced AI has become over the years. Based on the survey, around 40% of employees have never received any form of cybersecurity training. Many believe that a simple username and password is the safest authentication method—but they couldn’t be more wrong.
Based on the survey, finding show that employees underestimate the risks to protect their login information, and overestimate the systems meant to protect them.
Cybercrime has grown exponentially with the usage of artificial intelligence (AI), and even raises the chances of an unskilled hacker to steal account information. Although given the downside of AI, it does also have its upsides in productivity, and growth.
So, how can we protect ourselves against ai-driven attacks, or even cybercrime in general?
Use phishing-resistant authentication
Artificial Intelligence makes phishing so much more convincing, and passwords can only do so much.
- Use Hardware keys (Yubikeys!)
- Avoid SMS-based MFA (it’s vulnerable to SIM-swapping and interception)
- Prefer app-based MFA or passkeys tied to your device
Assume everything can be faked
AI can convincingly mimic emails, voices, faces, and even your own writing style!
- Verify urgent requests through a second channel (call, in-person, known contact)
- Be skeptical of messages that create pressure or urgent
- Don’t trust emails or messages just because they “sound right”
Reduce your digital footprint
AI thrives on public available data, so lock down your information!
- Remove your data from data broker sites (DeleteMe, Incogni, etc)
- Lock down social media privacy settings
- Avoid oversharing job details, schedules, or personal habits
The less public data there is to know about you, the less of a chance somebody can impersonate you.
And my personal favorite, USE A PASSWORD MANAGER!!
- Generate and store unique passwords for every site, making it harder for AI or people to guess your password.
- Or do yourself a favor and move away from password to passkeys, where supported.
- Watch for breach alerts from your manager or you can also check HaveIBeenPwned.com and look for yourself!
Reused passwords are still one of the biggest risks in today’s digital world. If an AI can guess your writing style, and use public available data, imagine how easy it is to get your password.
Overall though, make sure to stay safe out in the digital world, lock down your information and keep pushing.
Thank you to Yubico for the webinar, feel free to checkout the entire webinar and survey listed below.