Microsoft is embarking on an ambitious journey to eliminate passwords for a billion users, asserting that “the password era is ending.” The tech giant has issued a stark warning: “bad actors know it, which is why they’re desperately accelerating password-related attacks while they still can.” These attacks have become a frequent topic in the news, underscoring the urgency of the situation.
The Rise of Passkeys
The solution lies in passkeys, which enhance account security by linking it to the security of physical devices. This means that unless an attacker has access to your hardware and your unlocking method, whether biometric or a PIN, they cannot gain entry. Microsoft is not merely advocating for the adoption of passkeys; it is also championing the complete removal of passwords. The company emphasizes that if a user possesses both a passkey and a password, the account remains vulnerable to phishing attacks. Their ultimate aim is to eliminate passwords entirely, paving the way for accounts that rely solely on phishing-resistant credentials.
Today marks World Password Day, an occasion that Microsoft has chosen to leverage in its mission. The company encourages users to consider abandoning their passwords altogether, stating, “This World Password Day, think about ditching your password.”
FIDO Alliance’s Support
The FIDO Alliance, the organization dedicated to promoting passkeys, has taken to the internet to launch a “Passkey Pledge,” aimed at accelerating the global shift away from passwords. Recent research from the alliance reveals that over 35% of individuals have experienced account compromises due to password vulnerabilities. Furthermore, 47% of consumers are likely to abandon purchases if they forget their passwords for specific accounts. This data highlights the potential for passkey adoption, as 54% of those familiar with passkeys find them more convenient than traditional passwords, while 53% believe they offer enhanced security.
FIDO has applauded Microsoft’s initiative to delete passwords as a pioneering move in the industry. Andrew Shikiar, CEO of FIDO, remarked, “This is an exciting and seminal milestone as Microsoft is taking passwords out of play for over a billion user accounts. They can now leverage user-friendly, phishing-resistant passkeys. Microsoft’s leadership in this endeavor will encourage more service providers to follow suit, bringing us closer to a future where passwords are a thing of the past.”
Microsoft’s Renewed Commitment
On this World Password Day, or what Microsoft prefers to call Passkey Day, the company is reiterating its advice on password deletion. New accounts will be passwordless by default, and new users will have multiple passwordless options for signing into their accounts without ever needing to create a password. Existing users are encouraged to visit their account settings to remove their passwords.
Microsoft describes passkeys as “incredibly easy to use and intuitive,” eliminating the need for complex password creation and the burden of remembering them. Unlike passwords, passkeys are resistant to phishing attempts, making them a significantly more secure alternative. Additionally, users can employ their passkeys across all devices, alleviating concerns about forgetting passwords.
For those who must continue using passwords, Microsoft advises making them as long and complex as possible, and ensuring that any remaining two-factor authentication (2FA) codes come from an authenticator app rather than SMS. “Although passwords have been around for centuries,” Microsoft states, “we hope their reign over our online world is ending.”