News

Microsoft to Orgs: Ditch Your Passwords for Passkeys

May marks the first-ever "World Passkey Day," the occasion of which Microsoft marked by leaning into its vision of a passwordless future.

Joined by dozens of other tech leaders, Microsoft last week doubled down on its support for the FIDO Alliance's Passkey Pledge, which urges organizations to adopt passkey-based alternatives to passwords. Passkeys are phishing-resistant credentials that leverage biometrics or device PINs. Their benefits, per supporters, are improved usability and security; Microsoft found that sign-ins are eight times faster and nearly three times more successful for those who choose passkeys over passwords.

"Last year, we introduced passkey support for Microsoft accounts for our consumer apps and services like Xbox and Copilot, and now we see nearly a million passkeys registered every day," said Microsoft's Joy Chik, president, Identity & Network Access and Vasu Jakkal, corporate vice president, in a joint blog post. "Because they're not entering complex characters or one-time codes, users signing in with passkeys are three times more successful at getting into their account than password users (about 98 percent versus 32 percent)."

Microsoft said that nearly all Windows users with Microsoft accounts now sign in using Windows Hello, and new accounts are now created as passwordless by default. As part of a broader effort, the company also unveiled a redesigned sign-in experience that prioritizes passkeys, automatically suggests the most secure sign-in method, and gradually phases out visible password options.

The push builds on a decade-long shift that began with the debut of Windows Hello, which enabled biometric logins and laid the groundwork for future authentication models. That evolution continues in Windows 11, which, as reported last year, offers native support for device-bound passkeys stored locally or in the cloud via Microsoft Edge and Windows Hello.

The timing is critical, Microsoft emphasized, as cyberattacks targeting password-protected accounts continue to escalate, according to the company. Microsoft recorded over 7,000 password attacks per second last year -- more than double the rate seen in 2023.

"Bad actors know that the password age is ending, and that the number of easily compromised accounts is shrinking," said Microsoft. "In response, these bad actors are devoting considerable resources to automating brute force and phishing attacks against any account still protected by a password."

According to the FIDO Alliance, more than 15 billion accounts globally can now be secured with passkeys. Microsoft says more progress is needed and is encouraging users to begin the transition by converting at least one account to passwordless today.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

  • Salesforce To Acquire Informatica in $8 Billion Deal

    Salesforce announced on Tuesday it plans to acquire data management firm Informatica for $8 billion.

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Microsoft Gives Orgs More Power to 'Tune' AI Agents

    At its Build 2025 conference this week, Microsoft unveiled significant advancements aimed at empowering enterprises to create more sophisticated AI agents.

  • Build 2025: Microsoft Charts Wider Path for AI Agents

    At Build 2025, Microsoft unveiled its strategic vision for the future of AI agents, emphasizing the development of autonomous systems capable of performing complex tasks across various applications.

Most   Popular