SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

Exclusive: Yubico's Ronnie Manning discusses the importance of 'the human touch'

Tue, 3rd Jun 2025

Artificial intelligence may be taking centre stage when it comes to digital innovation - but when it comes to cybersecurity, Ronnie Manning says the strongest defence remains "reassuringly human."

"From a security standpoint, it still holds that we have to be able to prove in this world of AI that we're still human," Manning, Chief Brand Advocate at Yubico, explained during a recent interview.

Manning highlighted the increasing sophistication of phishing, deepfakes, and identity spoofing powered by AI - threats that traditional security measures like passwords and SMS codes can no longer withstand.

"Basic authentication just isn't enough," he said. "Traditional passwords are reused, stolen, and easily guessed. One-time passcodes can be intercepted or socially engineered out of someone. But you can't trick a YubiKey."

The YubiKey, a small USB or NFC-enabled device, provides what's called phishing-resistant authentication. Unlike password-based systems, it cannot be accessed or triggered remotely.

The key must be physically tapped or inserted to function.

"There's no extractable code that can be stolen or shared," Manning explained. "It 100% requires that human touch."

As Chief Brand Advocate, Manning is focused on awareness and education around how physical keys are emerging as a first line of defence.

The push comes at a time when AI is reshaping both cybercrime and cybersecurity alike. "Everything at RSA this year was about AI," he said, referring to the global security conference held in San Francisco. "But among all that innovation, the question remains: how do we prove we're real people accessing our own accounts?"

Yubico's answer is a physical key that seamlessly integrates with enterprise and consumer services. Platforms like Microsoft, Google, Okta, and countless others have adopted native support for security keys.

"It's like a house key," Manning said. "You have to physically have it to get in."

Two-factor authentication with a physical key is already seeing adoption beyond the tech sector.

Cathay Pacific, the Hong Kong-based airline, introduced passkey login for its loyalty programme in May this year, bringing passwordless access to its customers.

Meanwhile, Air New Zealand has supported physical security keys for over a year - and explicitly lists YubiKey as a recommended device for securing accounts.

"Security keys are devices or features used to enhance the security of your online account," Air New Zealand's own guidance reads. "A physical security key, like YubiKey, is a small and portable hardware device that you can carry with you to verify your identity."

The airline provides step-by-step instructions for linking a YubiKey to a frequent flyer account - including purchasing a key, enabling the security feature, and completing log-in via a physical tap. For Yubico, this kind of adoption is a major milestone. "You love to hear that," said Manning.

The appeal is growing as AI-driven scams evolve rapidly. Whether it's cloned voices used in social engineering calls or websites mimicking familiar services with near-perfect accuracy, Manning said the pace of attack sophistication is outstripping traditional defences.

"We're seeing deepfake video, phishing emails, fake reset pages - all of this can now be spun up instantly," he explained. "But if I don't use passwords or one-time codes, those attacks fall flat."

Manning emphasised that YubiKey technology goes beyond just human interaction - it also verifies the authenticity of the services being accessed. "It actually checks if the login page is the correct origin before sending a credential," he said.

"So even if an attacker builds a perfect replica of, say, a Google sign-in page, the key won't trigger unless the destination is verified."

Crucially, the YubiKey ecosystem is expanding. Manning noted the steady rise in support for passkeys - cryptographic credentials designed to replace usernames and passwords altogether. Stored either on a YubiKey or securely in device-based password managers, passkeys remove the weakest link in digital authentication: the password itself.

"We want to eliminate passwords. We want people to have the highest level of security delivered in an extremely easy experience," he said.

"With a YubiKey, all I have to do is touch the device and I'm securely logged in."

Enterprises are beginning to take note, with many deploying YubiKeys across their entire workforce. "The goal is to make every employee phishing resistant, which ultimately makes the enterprise phishing resistant," Manning said.

And the strategy works just as well at home. Yubico encourages individuals to use YubiKeys for personal accounts and even secure their password managers with the device. "Good hygiene at the office can blend with good hygiene at home," Manning explained.

Looking ahead, Yubico is focused on further expanding passkey support. "We're working with partners to get passkeys into as many apps and services as possible," Manning said. "Every week, new platforms are coming on board."

But no matter how advanced the tools or how rapid the AI breakthroughs, Yubico's core philosophy remains rooted in the physical - and personal.

"We want organisations to feel confident that the people accessing their systems are the right people," said Manning. "In a world of AI, the human touch still matters most."