Microsoft really wants users to ditch passwords and switch to passkeys


  • Microsoft is strongly pushing for a passwordless future
  • Passkeys don't need to be remembered, and are more secure
  • Redmond details its passkey journey

Passwords are no longer good enough, Microsoft has said, as it signals a shift towards easier-to-use and more secure alternatives.

“At Microsoft, we block 7,000 attacks on passwords per second—almost double from a year ago. At the same time, we’ve seen adversary-in-the-middle phishing attacks increase by 146% year over year,” the company said in a new blog post.

“Fortunately, we’ve never had a better solution to these pervasive attacks: passkeys.”

It's time to get on board with passkeys

Passkeys are a more secure alternative to passwords as their private encryption key is only stored on a local device, such as your phone, and not on leaky servers that are liable to be attacked. Passkeys also don’t need to be entered into a website - just verifying your identity using a biometric authenticator app that scans your face or a fingerprint will grant you entry to your account.

This also makes them phishing-resistant, as an attacker would not only need your personal device to log in, but also your physical form to pass authentication. As an additional bonus, you don’t have to worry about forgetting a passkey, as it isn’t stored in your brain and doesn’t need to be written down or stored in a password manager.
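
The sign-in flow described above can be modelled in a few lines of Node.js. This is an added example, not code from Microsoft or from the original article: the server keeps only a public key and verifies a signed, per-login challenge. It goes beyond the article by also checking the origin, as WebAuthn does; the origins, function names and the simplified message format are assumptions.

```javascript
// Simplified passkey sign-in model (added example; real WebAuthn also signs authenticator data).
const nodeCrypto = require('crypto');
const ORIGIN = 'https://login.example';         // constructed relying-party origin
const LOOKALIKE = 'https://login-example.test'; // constructed look-alike origin

// Registration: the device makes a key pair; only the public key leaves it.
function registerPasskey() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey }, serverRecord: { publicKey } };
}

// Server: a fresh random challenge for every sign-in attempt.
const newChallenge = () => nodeCrypto.randomBytes(32).toString('hex');

// Device: after the local face, fingerprint or PIN check (not modelled), sign challenge + origin.
function signAssertion(device, challenge, origin) {
  const clientData = JSON.stringify({ type: 'webauthn.get', challenge, origin });
  const signature = nodeCrypto.sign('sha256', Buffer.from(clientData), device.privateKey);
  return { clientData, signature };
}

// Server: verify with the stored public key only; there is no shared secret to steal.
function verifyAssertion(serverRecord, challenge, origin, assertion) {
  let data;
  try { data = JSON.parse(assertion.clientData); } catch { return 'malformed'; }
  if (data.type !== 'webauthn.get') return 'wrong-type';
  if (data.challenge !== challenge) return 'stale-challenge';
  if (data.origin !== origin) return 'wrong-origin';
  return nodeCrypto.verify('sha256', Buffer.from(assertion.clientData),
    serverRecord.publicKey, assertion.signature) ? 'ok' : 'bad-signature';
}

// Constructed scenarios: a genuine login and three responses the server must refuse.
function demo() {
  const { device, serverRecord } = registerPasskey();
  const challenge = newChallenge();
  const good = signAssertion(device, challenge, ORIGIN);
  const otherDevice = registerPasskey().device;
  return {
    serverHolds: serverRecord.publicKey.type,
    genuine: verifyAssertion(serverRecord, challenge, ORIGIN, good),
    replayed: verifyAssertion(serverRecord, newChallenge(), ORIGIN, good),
    lookalike: verifyAssertion(serverRecord, challenge, ORIGIN, signAssertion(device, challenge, LOOKALIKE)),
    otherKey: verifyAssertion(serverRecord, challenge, ORIGIN, signAssertion(otherDevice, challenge, ORIGIN)),
  };
}
console.log(demo());
```

A response signed for a look-alike origin or for an earlier challenge is rejected even though it came from the genuine device, which is why a relayed sign-in does not yield a reusable credential.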

Over the past year, Microsoft has stepped up the rollout of passkeys to its platforms, with passkey support being added to Xbox, Microsoft 365, and Microsoft Copilot in May 2024.

The slow rollout allowed users to become familiar with the option of signing in with a passkey or, as it is displayed on the login page, “face, fingerprint, or PIN,” which users were more familiar with.

Following this, Microsoft began “nudging” users into adopting passkeys at important points in the user experience, such as at account creation, after signing in, and when resetting passwords.

Experiments with messaging were also run, with Microsoft discovering that saying passkeys are “more secure” and “faster” saw a click-through rate of 24% and 27% respectively. Additionally, Microsoft did not let users completely opt out of passkey usage by having the button say “Skip for now.”

The Microsoft passwordless sign-in experience (Image credit: Microsoft)

Microsoft then moved on to removing friction from the sign-in experience by defaulting to passkey authentication if it was available as a login method, removing the need for users to remember passwords and type them in.

As for the future, Microsoft is aiming to eventually phase out passwords, and introduce a totally passwordless login experience using phishing-resistant credentials only.

However, there is still a long way to go until then, including introducing passkeys as the default, phasing out passwords, and then stopping password support altogether - so get ready for a passwordless future.

Benedict Collins
Staff Writer (Security)