Microsoft to Orgs: Ditch Your Passwords for Passkeys
- By Chris Paoli
- May 09, 2025
May marks the first-ever "World Passkey Day," and Microsoft used the occasion to lean into its vision of a passwordless future.
Joined by dozens of other tech leaders, Microsoft last week doubled down on its support for the FIDO Alliance's Passkey Pledge, which urges organizations to adopt passkey-based alternatives to passwords. Passkeys are phishing-resistant credentials that leverage biometrics or device PINs. Their benefits, per supporters, are improved usability and security; Microsoft found that sign-ins are eight times faster and nearly three times more successful for those who choose passkeys over passwords.
"Last year, we introduced passkey support for Microsoft accounts for our consumer apps and services like Xbox and Copilot, and now we see nearly a million passkeys registered every day," said Microsoft's Joy Chik, president, Identity & Network Access and Vasu Jakkal, corporate vice president, in a joint blog post. "Because they're not entering complex characters or one-time codes, users signing in with passkeys are three times more successful at getting into their account than password users (about 98 percent versus 32 percent)."
Microsoft said that nearly all Windows users with Microsoft accounts now sign in using Windows Hello, and new accounts are now created as passwordless by default. As part of a broader effort, the company also unveiled a redesigned sign-in experience that prioritizes passkeys, automatically suggests the most secure sign-in method, and gradually phases out visible password options.
The push builds on a decade-long shift that began with the debut of Windows Hello, which enabled biometric logins and laid the groundwork for future authentication models. That evolution continues in Windows 11, which, as reported last year, offers native support for device-bound passkeys stored locally or in the cloud via Microsoft Edge and Windows Hello.
The timing is critical, Microsoft emphasized, as cyberattacks targeting password-protected accounts continue to escalate. Microsoft recorded over 7,000 password attacks per second last year -- more than double the rate seen in 2023.
"Bad actors know that the password age is ending, and that the number of easily compromised accounts is shrinking," said Microsoft. "In response, these bad actors are devoting considerable resources to automating brute force and phishing attacks against any account still protected by a password."
According to the FIDO Alliance, more than 15 billion accounts globally can now be secured with passkeys. Microsoft says more progress is needed and is encouraging users to begin the transition by converting at least one account to passwordless today.