- Microsoft is strongly pushing for a passwordless future
- Passkeys don’t need to be remembered, and are more secure
- Redmond details its journey in the passkey journey
Passwords are no longer good enough, Microsoft has said, as it signals a shift towards easier to use and more secure alternatives.
“At Microsoft, we block 7,000 attacks on passwords per second—almost double from a year ago. At the same time, we’ve seen adversary-in-the-middle phishing attacks increase by 146% year over year,” the company said in a new blog post.
“Fortunately, we’ve never had a better solution to these pervasive attacks: passkeys.”
It’s time to get on board with passkeys
Passkeys are a more secure alternative to passwords as their private encryption key is only stored on a local device, such as your phone, and not on leaky servers that are liable being attacked. Passkeys also don’t need to be entered into a website – just verifying your identity using a biometric authenticator app that scans your face or a fingerprint will grant you entry to your account.
This also makes them phishing resistant, as an attacker would not only need your personal device to log in, but also your physical form to pass authentication. As an additional bonus, you don’t have to worry about forgetting a passkey, as it isn’t stored in your brain and doesn’t need to be written down or stored in a password manager.
Over the past year, Microsoft has stepped up the rollout of passkeys to its platforms, with passkey support being added to Xbox, Microsoft 365, and Microsoft Copilot in May 2024.
The slow rollout allowed users to become familiar with the option of signing in with a passkey or, as it is displayed on the login page, “face, fingerprint, or PIN,” which users were more familiar with.
Following this, Microsoft began “nudging” users into adopting passkeys at important points in the user experience, such as at account creation, after signing in, and when resetting passwords.
Experiments with messaging were also run, with Microsoft discovering that saying passkeys are “more secure” and “faster” saw a click through rate of 24% and 27% respectively. Additionally, Microsoft did not let users completely opt out of passkey usage by having the button say “Skip for now.”
Microsoft then moved on to removing friction from the sign in experience by defaulting to passkey authentication if it was available as a login method, removing the need for users to remember passwords and type them in.
As for the future, Microsoft is aiming to eventually phase out passwords, and introduce a totally passwordless login experience using phishing-resistant credentials only.
However, there is still a long way to go until then, including introducing passkeys as the default, phasing out passwords, and then stopping password support altogether – so get ready for a passwordless future.
Leave a comment