Microsoft to Orgs: Ditch Your Passwords for Passkeys

May marks the first-ever "World Passkey Day," an occasion Microsoft used to lean into its vision of a passwordless future.

Joined by dozens of other tech leaders, Microsoft last week doubled down on its support for the FIDO Alliance's Passkey Pledge, which urges organizations to adopt passkey-based alternatives to passwords. Passkeys are phishing-resistant credentials that leverage biometrics or device PINs. Their benefits, per supporters, are improved usability and security; Microsoft found that sign-ins are eight times faster and nearly three times more successful for those who choose passkeys over passwords.

"Last year, we introduced passkey support for Microsoft accounts for our consumer apps and services like Xbox and Copilot, and now we see nearly a million passkeys registered every day," said Microsoft's Joy Chik, president, Identity & Network Access and Vasu Jakkal, corporate vice president, in a joint blog post. "Because they're not entering complex characters or one-time codes, users signing in with passkeys are three times more successful at getting into their account than password users (about 98 percent versus 32 percent)."

Microsoft said that nearly all Windows users with Microsoft accounts now sign in using Windows Hello, and new accounts are now created as passwordless by default. As part of a broader effort, the company also unveiled a redesigned sign-in experience that prioritizes passkeys, automatically suggests the most secure sign-in method, and gradually phases out visible password options.

The push builds on a decade-long shift that began with the debut of Windows Hello, which enabled biometric logins and laid the groundwork for future authentication models. That evolution continues in Windows 11, which, as reported last year, offers native support for device-bound passkeys stored locally or in the cloud via Microsoft Edge and Windows Hello.

The timing is critical, Microsoft emphasized, as cyberattacks targeting password-protected accounts continue to escalate. The company recorded over 7,000 password attacks per second last year -- more than double the rate seen in 2023.

"Bad actors know that the password age is ending, and that the number of easily compromised accounts is shrinking," said Microsoft. "In response, these bad actors are devoting considerable resources to automating brute force and phishing attacks against any account still protected by a password."

According to the FIDO Alliance, more than 15 billion accounts globally can now be secured with passkeys. Microsoft says more progress is needed and is encouraging users to begin the transition by converting at least one account to passwordless today.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.
