Microsoft Introduces Passkeys for Consumer Accounts

Microsoft, the software giant, has introduced passkeys for all user accounts, allowing users to drop passwords when accessing the company’s services.

This initiative comes as a response to the escalating frequency of password attacks, which have reached a staggering 4,000 per second. Microsoft attributes this surge to the effectiveness of hackers in breaching accounts protected by passwords.

In an announcement posted on its website, Microsoft declared that users can now generate a passkey on their devices and utilize facial recognition, fingerprint scanning, a PIN, or a security key for authentication. The implementation of passkeys signifies a significant step forward in Microsoft’s journey towards passwordless authentication.

In emphasizing the importance of secure access for all users, Microsoft stated:

“Today, we’re introducing passkey support for Microsoft consumer accounts, advancing our vision of providing simple and secure access for everyone. “In 2015, when we introduced Windows Hello and Windows Hello for Business as secure alternatives to password entry on Windows 10, our identity systems detected approximately 115 password attacks per second. “Less than ten years later, this figure has skyrocketed by 3,378% to over 4,000 password attacks per second. Password-based attacks remain prevalent due to their efficacy. “It’s evident that passwords alone are insufficient for safeguarding our online activities, regardless of their complexity or frequency of change.”

How passkeys operate

According to Microsoft, passkeys function differently from traditional passwords. Rather than relying on a single vulnerable secret, passkey authentication employs a pair of unique cryptographic keys. One key is securely stored on the user’s device, protected by their biometric data or PIN, while the other remains with the respective app or website for which the passkey was created.

Both components of the key pair are required for authentication, mirroring the necessity of possessing both a key and the bank’s key to access a safety deposit box.

“Since this key pair combination is unique, your passkey will exclusively function on the designated website or app, thus mitigating the risk of falling victim to phishing attempts,” Microsoft elaborated. “This is why we refer to passkeys as ‘phishing-resistant.'”

Transitioning to a passwordless era

The adoption of passwordless authentication has emerged as a prevailing trend among major tech companies. In 2023, Google commenced the rollout of passkey support across Google accounts on various platforms, offering users an alternative sign-in method alongside passwords and 2-Step Verification.

Similarly, in the same year, the Meta-owned messaging platform WhatsApp introduced passkeys for accessing the application on Android devices.

Earlier in 2022, Microsoft, Google, and Apple joined forces to pursue a passwordless future, collaborating on expanding support for a universal passwordless sign-in standard developed by the FIDO Alliance and the World Wide Web Consortium.

Kindly share this story

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top