Microsoft is enhancing online security by transitioning from traditional passwords to passkeys, aiming to provide users with a more secure and user-friendly experience. This shift emphasizes the use of passkeys, which utilize biometric or PIN-based authentication tied to individual devices, offering enhanced protection against vulnerabilities associated with passwords.
A passkey consists of two parts, a pair of cryptographic keys: one stored on the user's device and the other held by the app or service. This method eliminates the need to remember complex passwords and guards against phishing, brute force attacks, and other security threats. Major companies like Google, Apple, PayPal, Amazon, Microsoft, and eBay have implemented passkeys, although some popular sites are yet to adopt them. Setting up passkeys varies in ease, and it is recommended to start with frequently used accounts. Passkeys can be recovered via cloud-based password managers, whereas those stored on physical security keys cannot be recovered if lost. While you can maintain your old passwords, passkeys provide an additional layer of security without requiring multi-factor authentication.
Microsoft is moving towards a passwordless future for its over one billion users by implementing passkeys, a more secure login method. Passkeys use cryptographic key pairs, with one key stored on a user's device and the other on the website they log into. This method enhances security by requiring biometrics or a PIN for device authentication, making phishing attempts less effective. Microsoft will roll out the updated sign-in and sign-up pages for passkeys by the end of April. Passkeys, which can sync across multiple devices, have been in use at Apple and Google since 2023.
Microsoft is seeing nearly a million passkeys registered every day, paving the way to eliminating passwords altogether. Users signing in with passkeys are three times more successful at getting into their accounts compared to password users, about 98 percent versus 32 percent. At the same time, Microsoft warns that it expects increased pressure from cyberattackers on users who are still relying on passwords and other phishable sign-in methods to protect their accounts.
Microsoft is phasing out password storage and autofill in its Authenticator app, with full discontinuation set for August 2025. Users are urged to transition to passkeys, a more secure authentication method that relies on biometrics or a PIN tied to individual devices instead of traditional, easily compromised passwords. The change comes amid increasing cyber threats, with Microsoft detecting up to 7,000 password attacks per second. Passkeys, developed under the FIDO Alliance, operate using a private-public key pair, enhancing security and eliminating risks like phishing and data breaches. Existing users can export their saved passwords to other autofill services or continue using Microsoft Edge. Microsoft is not alone in adopting passkeys—companies like Google, Apple, and Amazon are also onboard, and over 15 billion accounts now support the method. To set up a passkey in Microsoft Authenticator, users simply follow prompts within the app or use Microsoft account settings online. New Microsoft accounts will default to passkey-based sign-ins, further advancing the company's move toward a passwordless future.
Microsoft is expanding passkey support in Microsoft Entra ID, adding support for device-bound passkeys in the Microsoft Authenticator app on iOS and Android for customers with the strictest security requirements. A passkey is a strong, phishing-resistant authentication method you can use to sign in to any internet resource that supports the W3C WebAuthn standard. Passkeys represent the continuing evolution of the FIDO2 standard, which should be familiar to anyone who’s followed or joined the passwordless movement. We already support signing into Entra ID using a passkey hosted on a hardware security key and today, we’re delighted to announce additional support for passkeys. Specifically, we’re adding support for device-bound passkeys in the Microsoft Authenticator app on iOS and Android for customers with the strictest security requirements.
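The key-pair sign-in described above, sketched as a simplified WebAuthn-style assertion check that a service would run (an added example, not code from the original page or from Microsoft). The rpId `login.example.com`, the look-alike origin and all function names are assumptions made for illustration.

```javascript
// Added example: simplified WebAuthn-style assertion; names and hosts are hypothetical.
const nodeCrypto = require("node:crypto");
const sha256 = (data) => nodeCrypto.createHash("sha256").update(data).digest();

// Registration: the authenticator creates a key pair scoped to one rpId.
// The private key stays on the device; the service stores only the public key.
function createPasskey(rpId) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  return { rpId, publicKey, privateKey };
}

// Sign-in, client side: the browser (not the page) records the origin it is really
// on; the authenticator signs authenticatorData || SHA-256(clientDataJSON).
function signAssertion(passkey, challenge, origin) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get", challenge: challenge.toString("base64url"), origin }));
  // rpIdHash (32 bytes) + flags (user present, user verified) + signCount (zero here)
  const authenticatorData = Buffer.concat([sha256(passkey.rpId), Buffer.from([0x05]), Buffer.alloc(4)]);
  const signature = nodeCrypto.sign("sha256",
    Buffer.concat([authenticatorData, sha256(clientDataJSON)]), passkey.privateKey);
  return { clientDataJSON, authenticatorData, signature };
}

// Sign-in, server side: check type, challenge, origin and rpId hash, then the signature.
function verifyAssertion(a, expected, publicKey) {
  const clientData = JSON.parse(a.clientDataJSON.toString());
  if (clientData.type !== "webauthn.get") return "wrong type";
  if (clientData.challenge !== expected.challenge.toString("base64url")) return "stale or foreign challenge";
  if (clientData.origin !== expected.origin) return "origin mismatch";
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(expected.rpId))) return "rpId mismatch";
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return nodeCrypto.verify("sha256", signed, publicKey, a.signature) ? "ok" : "bad signature";
}

// Constructed scenario; example.com and the look-alike .test origin are placeholders.
function demo() {
  const passkey = createPasskey("login.example.com");
  const expected = { rpId: "login.example.com", origin: "https://login.example.com",
                     challenge: nodeCrypto.randomBytes(32) };
  const genuine = signAssertion(passkey, expected.challenge, expected.origin);
  // A look-alike page relays the real challenge, but the browser reports its own origin.
  // (A real browser would also refuse the request, since the rpId does not match the page.)
  const relayed = signAssertion(passkey, expected.challenge, "https://login.example-help.test");
  const later = { ...expected, challenge: nodeCrypto.randomBytes(32) };
  return { genuine: verifyAssertion(genuine, expected, passkey.publicKey),
           relayed: verifyAssertion(relayed, expected, passkey.publicKey),
           replayed: verifyAssertion(genuine, later, passkey.publicKey) };
}
```

Unlike a password, nothing the service stores or the user types can be replayed elsewhere: the signature covers a one-time challenge and the origin the browser observed.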
Microsoft is testing WebAuthn API updates that add support for using third-party passkey providers for Windows 11 passwordless authentication. Passkeys use biometric authentication, such as fingerprints and facial recognition, to provide a more secure and convenient alternative to traditional passwords, thus significantly reducing data breach risks. Redmond has been collaborating with credential providers like 1Password, Bitwarden, and others since early October when it first announced that it would create a new plugin authentication model for passkeys in Windows. As the company revealed today, users will soon have the option to choose from third-party passkey providers in addition to the native Windows one for authentication through Windows Hello using the same passkey you created on a mobile device.
Microsoft is making passkeys the default option for all new account creations starting in 2025. This includes: Microsoft 365, Outlook, OneDrive, Xbox Live, Azure Active Directory (Entra ID), Windows 11 account logins. Existing users are also being encouraged to switch to passkeys, with simplified migration tools available in the Microsoft Account dashboard and Windows Settings.
Microsoft's commitment to innovation is evident in its evolving authentication strategies, aiming to make online interactions safer and more convenient for everyone. The company's move towards a passwordless future reflects a broader industry trend towards more secure and user-friendly authentication methods, ensuring that users can navigate the online world with greater confidence.