Microsoft Security Blog:
Happy World Passkey Day!
As the world shifts from passwords to passkeys, we’re excited to join the FIDO Alliance in leaving “World Password Day” behind to celebrate the very first “World Passkey Day.” To commemorate this renaming, Microsoft and dozens of other organizations have taken the Passkey Pledge to work toward increasing the implementation and adoption of passkeys over the coming year. For Microsoft, taking the pledge continues our commitment to a future where every sign in is simple and secure.
For detailed information on why passkeys are better than passwords, visit our website: What is a Passkey? Secure Signins | Microsoft Security
The journey toward passwordless sign-in
Ten years ago, Microsoft had a bold idea. Instead of signing in using clumsy and insecure passwords, what if you could simply smile?With this vision in mind, Microsoft introduced Windows Hello, a new way for users to securely sign in to their accounts with their face, fingerprint, or PIN. Windows Hello helped lay the foundation for an entirely new era of authentication.1 Today, more than 99% of people who sign into their Windows devices with their Microsoft account do so using Windows Hello.
However, as the world and our digital lives evolved, it became clear that just signing into your device without a password isn’t enough. To keep your digital life safe, you need a way to sign into any account without a password. As part of an industry-wide effort, Microsoft has collaborated closely with the FIDO Alliance, and with platform partners to develop passkeys: a standards-based phishing-resistant authentication method that replaces passwords. Now you can sign in to any supported app or website with a passkey using your face, fingerprint, or PIN. Hundreds of websites, representing billions of accounts, now support signing in with a passkey. The world is changing!
Over the past decade, we’ve observed two important, coinciding trends: people have grown increasingly accustomed to signing into their devices without passwords, and the number of password-based cyberattacks has increased dramatically. Bad actors know that the password age is ending, and that the number of easily compromised accounts is shrinking. In response, these bad actors are devoting considerable resources to automating brute force and phishing attacks against any account still protected by a password. Last year, we observed a staggering 7,000 password attacks per second (more than double the rate from 2023).2 As passkeys become the new standard, expect increased pressure from cyberattackers on any accounts still protected by passwords or other phishable sign-in methods.
Our users love signing into their Microsoft accounts with passkeys
Last year, we introduced passkey support for Microsoft accounts for our consumer apps and services like Xbox and Copilot, and now we see nearly a million passkeys registered every day. Because they’re not entering complex characters or one-time codes, users signing in with passkeys are three times more successful at getting into their account than password users (about 98% versus 32%). When you use a passkey, you get into your account much quicker too! Passkey sign-ins are eight times faster than a password and multifactor authentication.
We believe that great usability and great security go hand in hand, so as we continue our transition to a passwordless world, we’re introducing some significant changes:
- New sign-in user experience (UX): Earlier this year, we launched a new visual style that simplifies the sign-in and sign-up experience. The new design is modernized and streamlined and prioritizes passwordless methods for sign-in and sign-up.3
- New accounts are passwordless by default: As part of this simplified UX, we’re changing the default behavior for new accounts. Brand new Microsoft accounts will now be “passwordless by default.” New users will have several passwordless options for signing into their account and they’ll never need to enroll a password. Existing users can visit their account settings to delete their password.
- Passwordless-preferred sign-in: We’re also making it simpler to sign in with safer options. Instead of showing you all the possible ways for you to sign in, we automatically detect the best available method on your account and set that as the default. For example, if you have a password and “one time code” set up on your account, we’ll prompt you to sign in with your one time code instead of your password. After you’re signed in, you’ll be prompted to enroll a passkey. Then the next time you sign in, you’ll be prompted to sign in with your passkey. This simplified experience gets you signed in faster and in our experiments has reduced password use by over 20%. As more people enroll passkeys, the number of password authentications will continue to decline until we can eventually remove password support altogether.
Learn more with Microsoft Security
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. Source:
Pushing passkeys forward: Microsoft’s latest updates for simpler, safer sign-ins | Microsoft Security Blog
Join us in embracing passkeys for secure, passwordless sign-ins. Learn more about our commitment to a safer digital future.
.
