Microsoft Ditches Passwords for New Accounts: A New Era of Security with Passkeys
Microsoft is making a bold move towards a passwordless future! The tech giant is now defaulting to passkeys and other secure methods for new accounts, signaling a major shift in how we authenticate online. This isn't just a minor tweak; it's a fundamental change in the user experience, designed to prioritize security and convenience.
For years, Microsoft has supported passwordless logins through Windows Hello and allowed users to remove passwords from existing accounts. Now, they're taking it a step further by prompting new users to opt for passwordless options like passkeys, push notifications, and security keys from the get-go. This initiative is aligned with the company's revamped sign-in window design, which streamlines the process for a passkey-first experience.
According to Microsoft, new accounts will be passwordless by default. Users won't even be prompted to create a traditional password. Existing users can still ditch their passwords by heading to their account settings.
This move coincides with Microsoft renaming "World Password Day" to "World Passkey Day," underscoring their commitment to passkey implementation. The company reports impressive adoption rates, with nearly a million passkeys being registered daily. Passkey users also experience a 98% sign-in success rate compared to a mere 32% for password-based logins.
Microsoft emphasizes the growing threat landscape, citing a staggering 7,000 password attacks per second observed last year – more than double the rate from 2023. Passkeys offer a more secure alternative, linking account security to the user's physical device. An attacker needs access to both the hardware and the unlock method (biometric or PIN) to bypass the security.
"If a user has both a passkey and a password, and both grant access to an account, the account is still at risk for phishing. Our ultimate goal is to remove passwords completely and have accounts that only support phishing-resistant credentials," Microsoft stated, highlighting the inherent vulnerabilities of password-reliant systems.
The FIDO Alliance, dedicated to promoting passkeys, applauds Microsoft's password deletion strategy. CEO Andrew Shikiar sees it as a landmark achievement, encouraging other service providers to follow suit and accelerate the transition to a passwordless world.
Microsoft highlights the ease of use and intuitive nature of passkeys, eliminating the hassle of complex password creation and memorization. They emphasize that passkeys are resistant to phishing attempts and can be used across all devices, ensuring users never have to worry about forgetting passwords again.
Key takeaways from Microsoft's new approach:
- New accounts are passwordless by default
- Simplified sign-in user experience
- Passwordless-preferred sign-in
Microsoft's actions illustrate their commitment to a future where signing into online accounts is effortless and secure. By prioritizing usability and security, Microsoft hopes to make every sign-in frictionless and safe. But, will users fully embrace this change? Will other tech giants follow suit? Let us know your thoughts in the comments below!
