Microsoft, having joined the passkey movement in May 2024, is taking the next step in account security. All new Microsoft accounts will now be passwordless by default, offering a more convenient and secure user experience. This shift eliminates the need to remember complex passwords and significantly reduces the risk of hacking.
Passkeys, the core of this change, are essentially digital keys that transform your trusted devices into login tools. These keys are secured behind biometric authentication, such as facial recognition, fingerprint scanning, or device PINs. Logging in simply requires approving a prompt on your phone or PC and verifying your identity through your chosen biometric method.
What Does This Change Mean for Users?
According to a security update, new Microsoft account users will be presented with various passwordless options from the start. Existing users can also transition to passkeys by deleting their saved passwords from their account dashboard.
Alt text: A screenshot of the redesigned Windows 11 Passkey application.
Two-factor authentication (2FA) users will no longer need to enter their password, instead being prompted directly for their 2FA code. Subsequent logins will bypass the 2FA code altogether, relying solely on passkeys.
Microsoft joins Google and Apple in embracing the passkey revolution, a technology based on cryptographic techniques and FIDO security protocols. The login key is stored privately on the user’s device, enhancing security.
How to Use Passkeys with Your Microsoft Account
These private keys are only accessible after user authentication via biometrics or device unlock. For Windows users, the Microsoft Authenticator app (available on Android and iOS) is the recommended method for enabling passkeys.
Alt text: A screenshot demonstrating how to enable passkey access within the Microsoft Authenticator app.
After registering the passkey in the Authenticator app, users need to enable it in their device settings. On Android, this is done within the “Passwords & accounts” section. On Apple devices, it’s found under “Autofill & Passwords.” Passkeys are compatible with a wide range of operating systems and browsers, including Windows 10 and 11, macOS Ventura and later, iOS 16, Android 9, Chrome OS 109, Microsoft Edge 109, Safari 16, and Chrome on mobile.
Alternatives to Microsoft’s Authenticator app exist, such as 1Password, for storing passkeys. Regardless of the chosen method, all passkey data is end-to-end encrypted and leverages the device’s Trusted Platform Module (TPM) for added security.
Conclusion
Microsoft’s move to passwordless accounts by default signifies a significant step towards enhanced security and user convenience. The adoption of passkeys, backed by robust cryptographic techniques and FIDO protocols, provides a more streamlined and secure login experience across various devices and platforms. By eliminating the vulnerabilities associated with traditional passwords, Microsoft empowers users to protect their accounts more effectively.
