Microsoft has announced plans to transition away from traditional passwords in favor of passkeys as part of a comprehensive strategy to enhance security and user authentication. The initiative, which aims to reach over one billion users, comes amid a reported 200 percent surge in cyberattacks targeting password-based systems. The technology giant plans to replace conventional password logins with biometric authentication methods using fingerprints or facial recognition.
The shift to passkeys builds on Microsoft’s earlier passwordless initiatives and addresses critical vulnerabilities in traditional authentication systems, including a recent “AuthQuake” vulnerability that affected its Multi-Factor Authentication (MFA) system. The new credentials are stored locally on users’ devices rather than on remote servers, eliminating risks associated with forgotten passwords and reducing the need for support assistance.
A key benefit of passkeys is their resistance to phishing: they cannot be compromised through the common attacks that typically target traditional passwords. Recent testing by Microsoft has shown that passkey authentication is up to three times faster than conventional password-based logins. The company is proceeding cautiously with the rollout, conducting extensive user testing to ensure smooth implementation.
The company’s ultimate goal is to completely eliminate passwords and transition to accounts that exclusively support FIDO2-based phishing-resistant credentials. The initiative faces several technical challenges, including complex account recovery processes and cross-platform compatibility issues, which Microsoft is addressing through collaboration with industry partners.
“Passwords are just not a good way to authenticate users on the modern internet,” said the UK’s National Cyber Security Centre (NCSC). Microsoft has noted that even with widespread passkey adoption, accounts retaining both passkey and password options remain vulnerable to phishing attempts.
The transition is part of a broader industry collaboration, with Apple and Google also working to ensure passkey compatibility across different devices and operating systems. Major web browsers including Google Chrome, Mozilla Firefox, and Microsoft Edge have already integrated passkey support to facilitate interoperability, with recent updates to Windows 11 adding third-party passkey support.
The move complements current cybersecurity regulations, including GDPR and the NIS2 Directive, by implementing secure, documented authentication processes. Microsoft is particularly focused on addressing potential user confusion regarding passkey terminology and the process of transferring credentials between devices, with plans to implement new user education resources and simplified onboarding processes.
Sources: TBS News, Inside Telecom, Orion Networks, Freemindtronic, Microsoft 365 Message Center Archive