Microsoft has announced a major initiative to move away from traditional passwords, introducing a new authentication system that uses passkeys and biometric verification methods. The transformation aims to enhance security and streamline the login experience for Microsoft’s user base of over one billion people, building on the company’s previous passwordless authentication efforts that began in 2021.
The company plans to initially implement passwordless authentication in consumer applications before expanding to business applications after thorough testing. The new system uses passkeys that are device-specific but can be synchronized across multiple devices, ensuring a smooth transition when users upgrade their hardware. The approach follows the FIDO Alliance standards for secure authentication, which have seen growing enterprise adoption.
Under the new system, users creating email accounts will no longer need to generate passwords. Instead, they will verify their identity through a one-time security code delivered via email before establishing a passkey. Microsoft is standardizing login screens across its services to create a more consistent and intuitive user experience, incorporating the modern Fluent 2 design language.
The authentication system relies on passkeys – cryptographic key pairs stored on devices and platforms. Users unlock these passkeys with biometric data such as fingerprints and facial scans, or with the device screen lock, building on Microsoft’s existing Windows Hello biometric infrastructure. The technology will be integrated across Microsoft’s ecosystem, including Outlook, Xbox, Windows, and Microsoft 365, with Xbox applications among the first to showcase the new password-free login screens.
Microsoft plans to begin rolling out the new sign-in and sign-up experience across web and mobile applications in late April 2025. The update will feature a refreshed interface using Microsoft’s Fluent 2 design language, with improvements to account recovery processes and error reduction. The timeline coincides with broader industry efforts, as other tech giants like Google and Apple are also driving passkey adoption.
The shift to passkeys offers enhanced security benefits by reducing vulnerability to phishing attacks, as users no longer need to enter passwords that could be compromised. The improvement is particularly important given the rise in sophisticated phishing techniques targeting multi-factor authentication systems. The system also prevents the use of known breached passwords during setup, providing an additional layer of security.
Sources: CSO Online, Auth0 Changelog, Laptop Mag, Phone Arena