
On World Password Day, the first Thursday of May, Microsoft published a blog post on the importance of moving from traditional passwords to passkeys, as security matters more amid increasingly advanced attacks that use AI and other sophisticated techniques.
In the new security blog post, the company says passkeys are becoming increasingly important. According to Microsoft, passwords remain one of the weakest links in online security. Citing credential leaks and phishing attacks, Microsoft argues that users should ditch traditional passwords and switch to passkeys.
Microsoft is already a major passkey proponent. Earlier this year, the company announced that new Microsoft accounts are now passwordless by default, allowing users to sign in with passkeys, biometrics, or security keys instead of traditional passwords. Existing users can also remove passwords from their accounts manually. Additionally, Windows 11 now has better passkey integration, which allows it to use passkeys stored in third-party managers like 1Password or Bitwarden. Microsoft will also let you sync passkeys from Microsoft Password Manager to iOS and Android via the Edge browser.
Passkeys offer a simpler and more secure authentication method because they rely on device-based verification, such as fingerprints, facial recognition, or PINs. Unlike passwords, passkeys are resistant to phishing attacks and cannot be easily stolen through fake login pages.
Microsoft is not alone in this effort either. The wider tech industry, including members of the FIDO Alliance, has been heavily promoting passkey adoption over the last year as part of a broader push toward passwordless authentication. The FIDO Alliance estimates that 5 billion passkeys are already in use worldwide. Microsoft adds that "hundreds of millions of users" have already switched to passkeys for OneDrive, Xbox, and other Microsoft-made consumer services. The company itself switched its environment to passkeys:
"Inside Microsoft, we’ve eliminated weaker authentication methods and rolled out phishing-resistant authentication, covering 99.6% of users and devices in our environment. It’s made signing in a lot simpler: no codes to enter, no extra prompts to manage, just a straightforward experience for everyone."
Microsoft also wants to make sure bad actors cannot phish your account recovery data. Starting January 2027, it will no longer be possible to reset Microsoft Entra ID passwords using security questions.
You can read more about the company's passwordless efforts in a post on the official blog.