Microsoft goes passwordless on all consumer accounts


Microsoft has launched passkeys, enabling users to access their Microsoft accounts without a password.

According to the company's website, users of Microsoft services can now create a passkey on their devices and use their face, fingerprint, PIN, or security key as a means of identification.

The introduction of passkeys marks the company’s next milestone toward passwordless authentication. For a while, Microsoft users have been able to sign in to apps and websites using FIDO security keys, Windows Hello, or the Microsoft Authenticator app instead of a password.

“Password attacks are so popular because they still get results. It’s painfully clear that passwords are insufficient to protect our lives online. No matter how long and complicated you make your password, or how often you change it, it still presents a risk,” writes the company.

Apart from improving the user experience, passkeys have security benefits. Microsoft calls passkeys “phishing-resistant,” as they work differently from simple passwords.

Instead of a single, vulnerable secret, passkey access uses two unique keys, known as a cryptographic key pair.

One key is stored safely on your device, guarded by the user's biometrics or PIN. The other key stays with the app or website for which the user creates the passkey. Because this key pair combination is unique, the user's passkey will only work on the website or app it was created for.
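The sketch below is an added example, not Microsoft's code: a simplified model of the WebAuthn-style check a site runs at sign-in, showing why a response signed for a different origin, against an old challenge, or with altered client data is rejected. The relying-party name `login.example`, the look-alike origin and all function names are constructed for illustration, and registration, CBOR parsing and signature counters are left out.

```javascript
// Simplified model of a passkey (WebAuthn-style) sign-in check; added example.
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Constructed relying-party values (assumptions, not from the article).
const RP_ID = 'login.example';
const RP_ORIGIN = 'https://login.example';

// Registration: the private key stays on the device, the site keeps the public key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });

// Device side: sign over the RP ID hash and the origin the browser reported.
function authenticatorSign(origin, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
  // authenticatorData: rpIdHash (32) | flags (1: present + verified) | signCount (4)
  const authData = Buffer.concat([sha256(RP_ID), Buffer.from([0x05]), Buffer.alloc(4)]);
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return { clientDataJSON, authData, signature: crypto.sign('sha256', signed, privateKey) };
}

// Server side: accept only if origin, challenge, RP ID hash and signature all match.
function verifyAssertion(a, expectedChallenge, storedPublicKey) {
  const client = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'bad-type';
  if (client.origin !== RP_ORIGIN) return 'wrong-origin';
  if (client.challenge !== expectedChallenge.toString('base64url')) return 'stale-challenge';
  if (!a.authData.subarray(0, 32).equals(sha256(RP_ID))) return 'wrong-rp-id';
  const signed = Buffer.concat([a.authData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, storedPublicKey, a.signature) ? 'ok' : 'bad-signature';
}

function demo() {
  const challenge = crypto.randomBytes(32);
  const genuine = authenticatorSign(RP_ORIGIN, challenge);
  // Response produced on a look-alike page: the browser records that page's origin.
  const lookalike = authenticatorSign('https://login-example.test', challenge);
  // Client data swapped after signing no longer matches the signature.
  const tampered = { ...lookalike, clientDataJSON: genuine.clientDataJSON };
  return {
    genuine: verifyAssertion(genuine, challenge, publicKey),
    lookalike: verifyAssertion(lookalike, challenge, publicKey),
    replayed: verifyAssertion(genuine, crypto.randomBytes(32), publicKey),
    tampered: verifyAssertion(tampered, challenge, publicKey),
  };
}

console.log(demo());
```

The server never holds a reusable secret: it stores only the public key, and each response is valid for one challenge and one origin.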

Going passwordless is quite a trend among big tech companies. In 2023, Google started rolling out passkey support across Google Accounts on all major platforms as an additional option for users to sign in, alongside passwords and 2-Step Verification. The same year, the Meta-owned chat app WhatsApp rolled out passkeys to access the application on Android devices.

However, critics state that passwords are here to stay. A username and password combination remains the most widely deployed authentication measure, with 58% of organizations using them. A report released by Keeper Security shows that despite substantial security risks, most organizations will likely continue to use passwords. Simplicity, cost, and flexibility are the reasons cited for not switching. Often, newer authentication methods lack support from many applications, especially legacy apps, databases, protocols, and resources.
