Microsoft has announced significant updates to Windows 11 that will introduce third-party passkey support, marking another step toward the company’s vision of a passwordless future. The update centers on modifications to the Web Authentication API (WebAuthn) that will enable third-party plugin integration for passkeys. This development follows Microsoft’s broader push toward passwordless authentication, which included the rollout of passkey support for all consumer accounts across Windows, Android, and iOS platforms.
The enhanced WebAuthn API will route authentication messages to plugins, allowing alternate providers to function as passkey managers. Third-party plugins will be able to create and verify passkeys in response to system authentication requests, similar to how users can select different payment options during checkout. This functionality builds upon Microsoft’s existing Windows Hello biometric authentication system, which has been a cornerstone of Microsoft’s security infrastructure.
Microsoft has established partnerships with credential ecosystem providers, including Bitwarden and 1Password, to expand authentication options for both individual users and enterprise deployments. The update is currently available for testing in the Windows Insider Beta Channel through build 22635.4515 (KB5046756).
The implementation maintains compatibility with Windows Hello, enabling users to transition between devices without credential resynchronization. Microsoft has made the source code available to developers, allowing them to create their own plugins and expand passkey functionality. Implementation details are accessible through Microsoft’s developer documentation.
“We are releasing updates to WebAuthn APIs to support a plugin authentication model for passkeys,” said a Windows Insider Team blog post. “In the coming months, Windows customers will be able to choose a third-party provider as an additional choice alongside the native Windows passkey provider while maintaining the Windows Hello user experience.”
The passkey system is built on WebAuthn standards, which are part of the FIDO (Fast Identity Online) Alliance framework. This standardization ensures compatibility across platforms, with major technology providers including Microsoft, Apple, and Google contributing to the ecosystem. The FIDO Alliance has recently published updated design guidelines to optimize the user experience for passkey implementation, reflecting the growing industry momentum behind this authentication method.
The Windows Insider Team further explained that “Messages in WebAuthn flows will be forwarded to the plugin and responses are returned to the WebAuthn client applications. This enables plugins to create and authenticate with passkeys when requested by the customer.”
Sources: Windows Forum, TechRadar, Windows Insider Blog
Follow Us