Software giant Microsoft has rolled out passkeys for all consumer accounts, enabling users to sign in to their Microsoft accounts without a password.
The company said the passkey rollout became necessary as password attacks surged to 4,000 per second. It added that attacks on password-protected accounts keep rising because the attackers are succeeding.
According to the company’s website announcement on Saturday, users of Microsoft services can now create a passkey on their devices and use their face, fingerprint, PIN, or security key to identify themselves. The introduction of passkeys marks the company’s next milestone in passwordless authentication.
Safe access
Announcing the passkeys rollout as a means of ensuring safe access for everyone, Microsoft said:
- “Today, we’re announcing passkey support for Microsoft consumer accounts, the next step toward our vision of simple, safe access for everyone.
- “In 2015, when we introduced Windows Hello and Windows Hello for Business as secure ways to access Windows 10 without entering a password, our identity systems were detecting around 115 password attacks per second.
- “Less than a decade later, that number has surged 3,378% to more than 4,000 password attacks per second. Password attacks are so popular because they still get results.
- “It’s painfully clear that passwords are not sufficient for protecting our lives online. No matter how long and complicated you make your password, or how often you change it, it still presents a risk.”
How passkeys work
According to Microsoft, passkeys work differently from passwords. Instead of a single, vulnerable secret, a passkey uses two unique keys, known as a cryptographic key pair. One key is stored safely on the user’s device, guarded by their biometrics or PIN. The other key stays with the app or website for which the user creates the passkey, the company explained.
It added that users need both parts of the key pair to sign in, just as they need both their key and the bank’s key to get into their safety deposit box.
- “Because this key pair combination is unique, your passkey will only work on the website or app you created it for, so you can’t be tricked into signing in to a malicious look-alike website. This is why we say that passkeys are ‘phishing-resistant,’” Microsoft added.
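The site-side check behind that "phishing-resistant" claim, as an added example that is not from Microsoft or the original article. It follows the signed-data layout of the W3C WebAuthn standard in simplified form; the site names, key pair and function names are constructed for illustration.

```javascript
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();
// Constructed values: the site name and its look-alike are illustrative only.
const RP_ID = 'login.example.com';
const RP_ORIGIN = 'https://login.example.com';

// Registration: the private key stays on the device, the site keeps the public key.
const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });

// Device side: sign the site's challenge together with data the browser fills in.
function signAssertion(challenge, origin, rpId) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get',
    challenge: challenge.toString('base64url'),
    origin, // written by the browser from the page actually loaded
  }));
  // authenticatorData: SHA-256(rpId) || flags (0x05 = user present + verified) || counter
  const authenticatorData = Buffer.concat([sha256(rpId), Buffer.from([0x05, 0, 0, 0, 1])]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData, signature: crypto.sign('sha256', signed, privateKey) };
}

// Site side: returns 'ok' only if every binding holds, else the first failed check.
function verifyAssertion(assertion, expectedChallenge) {
  const clientData = JSON.parse(assertion.clientDataJSON.toString('utf8'));
  if (clientData.type !== 'webauthn.get') return 'wrong type';
  if (clientData.challenge !== expectedChallenge.toString('base64url')) return 'challenge mismatch';
  if (clientData.origin !== RP_ORIGIN) return 'origin mismatch';
  if (!assertion.authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return 'rpId mismatch';
  const signed = Buffer.concat([assertion.authenticatorData, sha256(assertion.clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, assertion.signature) ? 'ok' : 'bad signature';
}

function demo() {
  const challenge = crypto.randomBytes(32); // fresh per sign-in attempt
  const genuine = signAssertion(challenge, RP_ORIGIN, RP_ID);
  // Simplification: a real device holds no passkey for the look-alike name and would
  // not sign at all; here it signs anyway to show the site-side check also rejects it.
  const lookAlike = signAssertion(challenge, 'https://login.examp1e.com', 'login.examp1e.com');
  // A signature made on the look-alike page, attached to data naming the real site.
  const tampered = { ...genuine, signature: lookAlike.signature };
  return {
    genuine: verifyAssertion(genuine, challenge),
    lookAlike: verifyAssertion(lookAlike, challenge),
    replayed: verifyAssertion(genuine, crypto.randomBytes(32)),
    tampered: verifyAssertion(tampered, challenge),
  };
}
console.log(demo());
```

Unlike a password, nothing the user could type or hand over on the look-alike page passes these checks, because the browser records the origin and the signature covers it.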
Going passwordless
Going passwordless has become a trend among big tech companies. In 2023, Google started rolling out passkey support across Google accounts on all major platforms as an additional option for users to sign in, alongside passwords and 2-Step Verification.
The same year, the Meta-owned chat app WhatsApp rolled out passkeys to access the application on Android devices.
Earlier, in 2022, Microsoft, Google, and Apple announced a collaboration to create a world in which passwords are not needed to access devices, websites, or apps. The three organizations are working to expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium.