Microsoft joined the passkey party in May last year, and today, it has announced the next step to protect folks using a Windows PC or any other Microsoft service. Moving ahead, all new Microsoft accounts will go password-less by default. Convenience and enhanced safety, if you will.
Imagine a world where you don’t have to remember complex passwords, or hackers cracking their way past it with ease for your Microsoft account. The solution to that security utopia is passkeys, which are essentially digital keys that turn your trusted devices into a login key.
These digital keys are also protected behind a biometric lock. The next time you try to log in, you will get a prompt on your phone or PC. You simply have to agree to it by verifying your identity via a face unlock, fingerprint scan, or entering the device password.
What is changing?
“New users will have several passwordless options for signing into their account and they’ll never need to enroll a password,” the company says in a security update. For users with an existing Microsoft account, they can go ahead and delete the saved passwords from the account dashboard, and switch entirely to passkeys.
Users with two-factor authentication (2FA) enabled will no longer be asked to enter their password. Instead, they will be directly asked to enter the 2FA code sent as an SMS or email. The next time they try to access their account, they won’t even have to access the 2FA code, and will switch entirely to access through passkeys.
Google, Apple, and Microsoft have all joined the passkey revolution. Passkeys are created using cryptography techniques that follow the FIDO security protocols. The key to enable login for any service is stored privately on the user’s device.
How to use a passkey?
These private keys can only be used once users verify their identity using a fingerprint or face scan, or unlock their device with a PIN or password. If you are in the Windows ecosystem and want to enable passkeys for your Microsoft account, the best way forward is using the Authenticator app.
The app is available for both Android and iOS devices. After registering the passkey, users only have to enable it within the settings app. On Android phones, they can flick the Authenticator toggle in the Passwords & accounts dashboard in the Settings app.
On an Apple device, you need to enable it from within the Autofill & Passwords section in the Settings app. Passkeys are supported across Windows 10 and 11, macOS Ventura and later versions, iOS 16, Android 9, Chrome OS 109, Microsoft Edge (version 109), Safari (version 16), and Chrome on mobile devices.
If you don’t like Microsoft’s authenticator app, you can choose to save passkeys in third-party apps, as well, such as 1Password. Irrespectively, all passkey information is end-to-end encrypted and relies on the PC’s TPM (Trusted Platform Module) to safeguard it.
Please enable Javascript to view this content