Yubico provides 200,000 YubiKeys to T-Mobile, predicts security trends in 2025

Yubico has partnered with T-Mobile U.S. to deploy over 200,000 phishing-resistant FIDO 2 YubiKeys to its employees, vendors and authorized retail partners, according to a release from the security hardware firm.

The mass replacement of legacy authentication with passwordless, device-bound passkeys occurred in late 2023, in response to escalating cyber threats, unauthorized credential usen and significant financial losses due to fraud. That year, the Anti-Phishing Working Group (APWG) recorded almost five million unique phishing attacks – the worst year on record.

“AI and the sophistication of bad actors continue to evolve, putting enterprises and their personnel at higher risk than ever before,” says said Jerrod Chong, president and COO of Yubico. “To protect against phishing attacks, companies need to act now to adopt and implement hardware-based security keys, which are the strongest multi-factor authentication available.”

YubiKeys support multiple phishing-resistant authentication protocols, including FIDO2/WebAuthn, U2F and Smart Card (PIV), and function across all operating systems and mobile devices.

Jeff Simon, chief security officer at T-Mobile, says “once we had our YubiKeys in hand, we were able to get them up and running across the company in less than three months, and we’ve seen the positive results after just one year of having them.”

Phishing gets more sophisticated; passkeys can help

In 2025, Yubico continues to emphasize the importance of adopting tools like multi-factor authentication (MFA) and phishing-resistant passkeys. A two–part set of predictions from its cybersecurity experts notes the ongoing challenges caused by stolen, misused or fake identities, and the role that passkeys, digital wallets and regulations will play in shaping the digital landscape in the coming year.

Stina Ehrensvärd, founder of Yubico, says that bad actors have turned the internet into a highly risky environment. “To mitigate these risks, some claim that we have to choose between security, usability and privacy,” she says. “But there is a clear solution focused on the broad adoption of digital identity wallets and open standards for digital identities.”

Ehrensvard expects continued momentum of open standards for digital identities, and to see many more countries around the world adopt digital wallet technology backed by FIDO security.

Yubico VP of Standards and Alliance Derek Hanson believes “passkeys have taken the world by storm as the de facto authentication solution to replace passwords.” But, he notes, “the role passkeys actually play in securing our online identities depends heavily on how they are used. Unless organizations do all the right things and have an effective strategy in place throughout the user lifecycle, passkeys won’t reach their potential.”

Hanson predicts a rapid rise in passkey adoption across the enterprise, but a longer adjustment period as organizations come to understand passkeys’ full potential.

David Treece, Yubico’s VP of solutions architecture, forecasts a flurry of regulations, as governments globally draft regulations and guidelines aiming to keep businesses and individuals secure from increasingly sophisticated phishing attacks and generative AI-assisted deepfake fraud.

“As federal agencies around the world look to meet new and upcoming regulations, the adoption of Zero Trust Architecture and robust, phishing-resistant MFA like YubiKeys is not just a compliance requirement,” Treede says. “It’s a critical step in safeguarding the nation’s infrastructure.”

Chad Thunberg, CISO, echoes the sentiment, noting the potency of Gen AI tools for conducting fraud. “Legacy MFA solutions are already under attack, and generative AI will make them even less effective.” Without regulatory countermeasures, he says, “as the volume of generated content surges, confidence in content will decline.”

As such, Thunberg predicts more regulation on AI, and “broader adoption of standards like those from the Coalition for Content Provenance and Authenticity (C2PA), which help consumers verify content authenticity.”

Solutions Architect Josh Cigna says the threat is especially dire for financial services, noting that the financial sector recently surpassed healthcare as the most breached and attacked industry. “Expect to see some more support and adoption of interoperable Verifiable Credentials, starting in Europe and hopefully growing in use in the North American and Asia Pacific regions, backed by phishing resistant MFA,” he says.

The youth appear to be aligned with Yubico on the security advantages of passkeys and hardware security keys. Results from its 2024 State of Global Authentication survey found that Gen Z and Millennials lead in hardware security key usage, relying less on passwords than other generations. Gen Z is also almost 20 percent more likely to use MFA than Baby Boomers and Gen X.

Article Topics

biometric authentication  |  biometric security key  |  biometrics  |  cybersecurity  |  FIDO2  |  passkeys  |  passwordless authentication  |  Yubico