
Microsoft has begun replacing passwords with passkeys — such as facial recognition, fingerprint scans, or PINs — as the default sign-in method for all new accounts starting May 1.
The announcement coincided with the unofficial World Password Day, an awareness event popularized by Intel in 2013. Microsoft, along with the FIDO Alliance and other tech companies, has joined the Passkey Pledge, a collective commitment to eliminate passwords in favor of phishing-resistant sign-in methods.
Microsoft sets passkeys as the default sign-in method
Microsoft account holders have had the option to use alternate login methods for years. The difference now, though, is that the company is making its biggest push yet for a future where passwords aren’t considered default. New customers will see a sign-in window designed to make passwordless sign-in seamless.
“Because they’re not entering complex characters or one-time codes, users signing in with passkeys are three times more successful at getting into their account than password users (about 98% versus 32%),” wrote Joy Chik, president of identity and network access, and Vasu Jakkal, corporate vice president of Microsoft Security, in a blog post.
The company said 99% of Windows users already use Windows Hello, its built-in biometric authentication system. It claims passkeys are more secure than passwords and less vulnerable to phishing or data breaches. They also eliminate the need to remember long or complex credentials.
Existing Microsoft account holders will still be able to use passwords to log in; however, devices will prompt them to use what Microsoft calls “the best available method on your account” — probably a passkey. For example, users with passwords and one-time codes from 2FA might be prompted to sign in with only the one-time code, then funneled into the passkey methods. The end goal: to get everyone signed up with PINs or biometrics.
Google and Apple commit to FIDO standards
Microsoft uses a passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium. On May 5, Apple and Google also agreed to extend support for the standard, which replaces passwords with PINs or biometrics.
Google plans to implement FIDO-approved passkeys across Chrome, ChromeOS, Android, and other platforms globally.
“This new capability stands to usher in a new wave of low-friction FIDO implementations alongside the ongoing and growing utilization of security keys — giving service providers a full range of options for deploying modern, phishing-resistant authentication,” said Andrew Shikiar, executive director and CMO of the FIDO Alliance, in a press release.