No need to set up Microsoft passwords from now on, company says


World Password Day? More like World Passkey Day, Microsoft said before announcing that it’s making the passwordless login experience the default for all new user accounts.

According to the corporation, new users will be able to choose from several passwordless options when creating their account. They won’t have to set up a password at all.

Existing users can now also unlink and delete passwords from their accounts, the company said in a blog post.

Microsoft said that to implement the passkeys idea, the firm has collaborated closely with the FIDO Alliance, an open industry association launched in 2013 whose stated mission is to develop and promote authentication standards that “help reduce the world’s over-reliance on passwords.”

Passkeys are a standards-based, phishing-resistant authentication method that replaces passwords. They completely negate password brute-force attacks, the top source of security breaches for many companies.

“Now you can sign in to any supported app or website with a passkey using your face, fingerprint, or PIN. Hundreds of websites, representing billions of accounts, now support signing in with a passkey. The world is changing!” Microsoft said.

Indeed, according to the FIDO Alliance, over two-thirds of recently surveyed users enabled a passkey for their account. That’s a sign that the technology is slowly becoming commonplace, especially in China.

[Figure: passkey statistics. Courtesy of FIDO Alliance.]

Microsoft thinks that bad actors are actually aware that the “password age is ending.” That’s allegedly why they’re devoting considerable resources to automating brute-force and phishing attacks against any account still protected by a password.

“Last year, we observed a staggering 7,000 password attacks per second – more than double the rate from 2023,” said the company.

Instead of showing you all the possible ways to sign in, Microsoft will automatically detect the best available method on your account and set that as the default.

For example, if you have a password and a “one-time code” set up on your account, Microsoft will prompt you to sign in with your one-time code instead of your password.

After you’re signed in, you’ll be prompted to enroll a passkey. Then the next time you sign in, you’ll be prompted to sign in with your passkey. This simplified experience gets the user signed in faster and – in experiments – has reduced password use by over 20%.

The Cybernews research team recently conducted a new study of over 19 billion newly exposed passwords and concluded that lazy keyboard patterns such as 123456 – a gift for bad actors – still reign supreme.

“We’re facing a widespread epidemic of weak password reuse. Only 6% of passwords are unique, leaving other users highly vulnerable to dictionary attacks. For most, security hangs by the thread of two-factor authentication – if it's even enabled,” said Neringa Macijauskaitė, information security researcher at Cybernews.