Microsoft recently shared that over one billion users will get a new account login experience. Part of that new experience is a push for passwordless login.
Microsoft has nudged users away from passwords for several years. Now, the company is making passwordless login a core part of the Microsoft account experience.
“Over the last few years, we’ve introduced several enhancements, including the ability to completely remove the password from your account and support for passkey sign in instead of using a password,” said Microsoft.” Our new UX is optimized for a passwordless and passkey-first experience.”
Microsoft wants people to use passkeys because passwords are not secure. Other tech giants, including Apple and Google, also support passkeys.
The push to passkeys is about more than getting people to embrace a more secure method of logging in. Microsoft needs to convince users to move away from passwords entirely.
“Even if we get our more than one billion users to enroll and use passkeys, if a user has both a passkey and a password, and both grant access to an account, the account is still at risk for phishing,” said the tech giant last December. “Our ultimate goal is to remove passwords completely and have accounts that only support phishing-resistant credentials.”
The new Microsoft account experience should help people transition away from passwords.
What is a passkey?
Passkeys allow users to sign in to apps, websites, and services. They are more secure than passwords and resistant to many of the flaws passwords face.
At first glance, passkeys and passwords sound somewhat alike. In addition to having similar names, both passkeys and passwords were designed to let people log in to websites and services.
But the methods passwords and passkeys use to accomplish that task are very different. While passwords rely on a combination of a username and a password you have to remember, passkeys use a pair of cryptography keys to ensure secure login.
One of the most important aspects of a passkey is that one of those keys is private and stays on your device.
Passkeys work with biometric security features, such as fingerprint scanning or face unlock, and can also be used with a device PIN.
Passkeys can extend across devices and are unique to websites and apps.
The uniqueness of passkeys is important. When attackers obtain a password through a security breach or other methods, those attackers often try to use the same password across other popular services.
In a worst-case scenario, an attacker could obtain a password from a site you don’t consider especially important and then use that password to gain access to anything from your email account to banking applications.
While the technology behind passkeys is fascinating, I assume most people care about two questions:
- Are passkeys easy to use?
- Are passkeys safer than passwords?
Passkeys are relatively new, at least in the grand scheme of how long people have used computers and smartphones. But they already have backing from tech giants such as Microsoft, Google, and Apple.
Several well-known websites support passkeys as well. Microsoft says “passkeys are the future of authentication,” and there’s good reason to believe the company.
Passkeys are easy to set up and use on many sites and services. Over time, passkeys will gain more support.
Passkeys are resistant to phishing attempts and a range of other attacks that are commonly used to obtain people’s passwords.
While no method of login is perfectly secure, passkeys are generally considered more secure than passwords.