Microsoft has announced that Microsoft Authenticator will support passkeys natively starting mid-January 2025, advancing its passwordless and phishing-resistant authentication strategy.
Passkeys replace traditional passwords with cryptographic key pairs: the service stores the public key, while the private key stays secured on the user’s device. When logging in, users authenticate with a biometric or PIN, which unlocks the private key without transmitting sensitive information over the internet.
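The key-pair flow described above, as an added Node.js example that is not from Microsoft or the original article: the device signs a fresh challenge together with the origin it is talking to, and the service verifies with the stored public key. The function names, the simplified message format (not the WebAuthn wire format) and the example origins are assumptions made for illustration.

```javascript
// Added illustration of passkey sign-in; message format is simplified, not WebAuthn's.
const crypto = require("node:crypto");

// Registration: the device generates a key pair; the service keeps only the public key.
function registerPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  return { device: { privateKey }, server: { publicKey } };
}

// Device: a local biometric/PIN check gates the key, which then signs the challenge
// together with the origin the client is actually talking to.
function signAssertion(device, challenge, origin, userVerified) {
  if (!userVerified) throw new Error("user verification failed: private key stays locked");
  const clientData = JSON.stringify({ challenge: challenge.toString("base64url"), origin });
  return { clientData, signature: crypto.sign("sha256", Buffer.from(clientData), device.privateKey) };
}

// Service: accept only a valid signature over its own fresh challenge and its own origin.
function verifyAssertion(server, challenge, origin, assertion) {
  const data = JSON.parse(assertion.clientData);
  if (data.challenge !== challenge.toString("base64url")) return false; // stale or replayed
  if (data.origin !== origin) return false; // signed for a different site
  return crypto.verify("sha256", Buffer.from(assertion.clientData), server.publicKey, assertion.signature);
}

function demo() {
  const site = "https://login.example.com";      // constructed origin of the real service
  const lookalike = "https://login.example.net"; // constructed origin of a look-alike page
  const { device, server } = registerPasskey();
  const challenge = crypto.randomBytes(32);
  const good = signAssertion(device, challenge, site, true);
  const wrongSite = signAssertion(device, challenge, lookalike, true);
  return {
    legit: verifyAssertion(server, challenge, site, good),
    lookalike: verifyAssertion(server, challenge, site, wrongSite),
    replay: verifyAssertion(server, crypto.randomBytes(32), site, good),
  };
}

console.log(demo());
```

Only the signature and the signed client data cross the network; an assertion produced for a different origin or an old challenge is rejected by the service.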
The upcoming release includes administrative controls, allowing IT managers to require attestation during passkey registration. The latest preview version also supports passkey sign-ins for Android native apps via Authenticator, streamlining the registration process with an improved setup wizard. Version 6.2408.5807 of Microsoft Authenticator on Android now complies with Federal Information Processing Standard (FIPS) 140-3, enhancing security for all Microsoft Entra authentication methods, including passkeys, push multi-factor authentication, and time-based passcodes.
Microsoft cybersecurity consultant Lukas Beran noted that passkeys will be fully functional for phishing-resistant authentication once general availability is achieved, providing organizations with a robust alternative to physical security keys. However, organizations not prepared for passkey integration can limit this feature through configurable FIDO2 policies.
Dave Taku, RSA’s head of product management, emphasized that CISOs may need to adjust settings to avoid security concerns if they are not ready for passkey implementation by mid-January.
Microsoft’s addition of passkey support aligns with FIDO Alliance standards and complements its existing passwordless options, such as Windows Hello biometric authentication and FIDO2 security keys.
Source: ID Tech
November 12, 2024 – by The Mobile ID World Editorial Team