Software giant Microsoft has introduced passkeys for all consumer accounts, allowing users to bypass passwords when accessing the company’s accounts.
This move comes in response to a surge in password attacks, reaching a staggering 4,000 per second, with hackers increasingly succeeding in compromising accounts.
Users of Microsoft services can now create a passkey on their devices and utilize their face, fingerprint, PIN, or security key for authentication, as announced on the company’s website.
This marks a significant milestone for Microsoft in its journey towards passwordless authentication.
Microsoft described passkeys as distinct from passwords, employing two unique cryptographic keys known as a key pair. One key is securely stored on the user’s device, protected by their biometrics or PIN, while the other remains with the app or website for which the passkey is created.
Both parts of the key pair are required for sign-in, akin to needing both a personal key and the bank’s key to access a safety deposit box.
Highlighting the security benefits, Microsoft emphasized that passkeys are phishing-resistant, as they only function on the designated website or app. This prevents users from being tricked into signing in to malicious look-alike websites.
The trend towards going passwordless has gained traction among major tech companies. Google initiated passkey support across Google accounts in 2023, providing an additional sign-in option alongside passwords and 2-Step Verification. Similarly, Meta-owned chat app WhatsApp introduced passkeys for accessing the application on Android devices in the same year.
Furthermore, in 2022, Microsoft, Google, and Apple announced a collaborative effort to eliminate the need for passwords in accessing devices, websites, or apps.
This initiative involves expanding support for a common passwordless sign-in standard developed by the FIDO Alliance and the World Wide Web Consortium.
