Microsoft announced on May 2nd, 2024, that it has fully enabled Passkey support for all consumer accounts, a significant step towards passwordless login technology. This rollout follows a period of testing and integration with Windows 11 last year and aligns with Microsoft’s vision, set out a decade ago, of a world free of passwords, as outlined in their article.
Passkeys are advanced digital credentials that replace passwords for secure website and app logins. Developed by the FIDO Alliance and World Wide Web Consortium, Passkeys aim to offer a more convenient and secure login experience.
Microsoft previously introduced Windows Hello in Windows 10, allowing users to log in with facial recognition, fingerprints, or PINs. In 2018, the company further expanded options by supporting FIDO security keys. Finally, in September 2021, Microsoft enabled passwordless login for Microsoft accounts.
With Passkey support, users can create a unique credential through a Microsoft link and choose their preferred authentication method – facial recognition, fingerprint, PIN, or security key. This enhances login convenience and security by mitigating risks associated with password breaches.
Passkeys typically reside on the user’s device or browser, with cloud syncing enabling access across devices. Alternatively, they can be stored on a physical security key, offering more flexibility.
Passkeys use public-key cryptography together with biometric authentication (fingerprint, facial recognition) or device PINs to verify user identity. This approach offers two clear advantages over passwords:
Enhanced Security: Passkeys are resistant to phishing attacks, a common tactic where cybercriminals trick users into revealing their passwords. Since passkeys rely on physical verification or device security, they cannot be stolen through phishing emails or websites.
Improved Convenience: Users no longer need to remember complex passwords for various accounts. Passkeys can be used across different devices and platforms (Windows, Android, iOS) that adhere to the FIDO2 standards.
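The public-key sign-in described above, as an added example that is not from the original article or from Microsoft: a simulated device signs a server challenge, and the site runs the core WebAuthn assertion checks that make a response captured on a look-alike site useless. The host names and key pair are constructed for the illustration, and the checks are simplified (no signature-counter or credential lookup).

```javascript
// Added illustration: simulated passkey sign-in with relying-party checks.
// RP_ID, ORIGIN and the look-alike host are constructed values (assumptions).
const crypto = require("crypto");

const RP_ID = "login.example.com";
const ORIGIN = "https://login.example.com";
const sha256 = (buf) => crypto.createHash("sha256").update(buf).digest();

// Registration: the device creates a key pair; the site stores only the public key.
const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });

// Device side: the browser (not the page) records the origin it is really on; the
// authenticator signs authenticatorData || SHA-256(clientDataJSON) after the
// user unlocks it with a biometric or PIN.
function authenticatorSign(origin, rpId, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get", challenge: challenge.toString("base64url"), origin }));
  const flags = Buffer.from([0x05]);          // user present (0x01) | user verified (0x04)
  const counter = Buffer.from([0, 0, 0, 1]);  // signature counter, big-endian
  const authenticatorData = Buffer.concat([sha256(rpId), flags, counter]);
  const signature = crypto.sign("sha256",
    Buffer.concat([authenticatorData, sha256(clientDataJSON)]), privateKey);
  return { clientDataJSON, authenticatorData, signature };
}

// Server side: returns "ok" or the name of the first failed check.
function verifyAssertion(a, expectedChallenge) {
  const c = JSON.parse(a.clientDataJSON.toString("utf8"));
  if (c.type !== "webauthn.get") return "bad type";
  if (c.challenge !== expectedChallenge.toString("base64url")) return "bad challenge";
  if (c.origin !== ORIGIN) return "bad origin";
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return "bad rpIdHash";
  if ((a.authenticatorData[32] & 0x05) !== 0x05) return "user not verified";
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return crypto.verify("sha256", signed, publicKey, a.signature) ? "ok" : "bad signature";
}

// Stand-alone run: a genuine sign-in, then a response produced on a look-alike host.
const challenge = crypto.randomBytes(32);
console.log(verifyAssertion(authenticatorSign(ORIGIN, RP_ID, challenge), challenge));
console.log(verifyAssertion(
  authenticatorSign("https://login-example.test", "login-example.test", challenge), challenge));
```

Nothing the user could type or paste is sent to the site: the server holds only the public key, and each response is bound to one challenge and one origin.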
Google has already reported over 1 billion Passkey authentications across millions of accounts, highlighting the growing user base for this technology.
While Passkeys offer clear advantages, some limitations remain. Cross-device syncing, a feature that allows users to access Passkeys on multiple devices, is not currently supported. This is because Passkeys are designed to work in conjunction with a specific device, acting as a two-factor authentication. Alternative methods, like recovery codes or verification from another device, can be used to access accounts on new devices.
Mobile app support for Passkeys on Microsoft’s platforms is expected to roll out in the coming weeks, which indicates a slightly staggered implementation process. Additionally, users who prefer traditional password logins can still choose to do so for the time being.