Microsoft Ditches Passwords for New Accounts: A New Era of Security with Passkeys

Microsoft is making a bold move towards a passwordless future! The tech giant is now defaulting to passkeys and other secure methods for new accounts, signaling a major shift in how we authenticate online. This isn't just a minor tweak; it's a fundamental change in the user experience, designed to prioritize security and convenience.

Microsoft is pushing hard for a passwordless future.

For years, Microsoft has supported passwordless logins through Windows Hello and allowed users to remove passwords from existing accounts. Now, they're taking it a step further by prompting new users to opt for passwordless options like passkeys, push notifications, and security keys from the get-go. This initiative is aligned with the company's revamped sign-in window design, which streamlines the process for a passkey-first experience.

According to Microsoft, new accounts will be passwordless by default. Users won't even be prompted to create a traditional password. Existing users can still ditch their passwords by heading to their account settings.

This move coincides with Microsoft renaming "World Password Day" to "World Passkey Day," underscoring their commitment to passkey implementation. The company reports impressive adoption rates, with nearly a million passkeys being registered daily. Passkey users also experience a 98% sign-in success rate compared to a mere 32% for password-based logins.

Microsoft emphasizes the growing threat landscape, citing a staggering 7,000 password attacks per second observed last year – more than double the rate from 2023. Passkeys offer a more secure alternative, linking account security to the user's physical device. An attacker needs access to both the hardware and the unlock method (biometric or PIN) to bypass the security.

"If a user has both a passkey and a password, and both grant access to an account, the account is still at risk for phishing. Our ultimate goal is to remove passwords completely and have accounts that only support phishing-resistant credentials," Microsoft stated, highlighting the inherent vulnerabilities of password-reliant systems.

The FIDO Alliance, dedicated to promoting passkeys, applauds Microsoft's password deletion strategy. CEO Andrew Shikiar sees it as a landmark achievement, encouraging other service providers to follow suit and accelerate the transition to a passwordless world.

Microsoft highlights the ease of use and intuitive nature of passkeys, which eliminate the hassle of creating and memorizing complex passwords. The company emphasizes that passkeys are resistant to phishing attempts and can be used across all devices, ensuring users never have to worry about forgetting passwords again.

Key takeaways from Microsoft's new approach:

  • New accounts are passwordless by default
  • Simplified sign-in user experience
  • Passwordless-preferred sign-in

Microsoft's actions illustrate their commitment to a future where signing into online accounts is effortless and secure. By prioritizing usability and security, Microsoft hopes to make every sign-in frictionless and safe. But will users fully embrace this change? Will other tech giants follow suit? Let us know your thoughts in the comments below!
