
Microsoft announced sweeping updates to accelerate the shift away from passwords, introducing passwordless defaults for new accounts and a revamped sign-in experience that prioritizes usability and security.
The announcement marks a new chapter in Microsoft's decade-long effort to replace passwords with more secure and intuitive authentication methods. The company has formally taken the Passkey Pledge, joining dozens of organizations in support of the FIDO Alliance's initiative to increase global adoption of passkeys — phishing-resistant credentials tied to a device and unlocked with biometrics or a PIN.
Microsoft's journey toward passwordless authentication began ten years ago with the introduction of Windows Hello, a biometric login system now used by over 99% of Microsoft account holders on Windows devices. Building on this, Microsoft introduced passkey support in 2023, allowing users to sign in to services like Xbox and Copilot without passwords, apps, or codes. According to the company, nearly 1 million new passkeys are being registered daily, underscoring rapid user adoption.
This shift comes in response to the persistent threat posed by password-based attacks, which Microsoft reports have now reached 7,000 incidents per second — double the rate seen in 2023. Passwords, which remain vulnerable to phishing and brute-force attacks, are increasingly viewed as obsolete in the face of modern credential theft tactics.
The latest round of updates includes several major changes designed to make passwordless sign-ins the default:
- Passwordless by default: All new Microsoft accounts will no longer require a password at setup. Users will choose from passwordless options such as a passkey, eliminating the need to ever enroll a password.
- Streamlined Sign-In UX: A newly redesigned sign-in interface now highlights passwordless methods first. It intelligently detects the most secure option on the account and presents it by default — for example, prompting for a one-time code instead of a password when both are available.
- Passwordless enrollment prompts: After signing in, users with passwords are nudged to create a passkey, promoting a gradual transition away from passwords. According to Microsoft, this approach has already reduced password use by over 20% in early tests.

Passkeys, a key part of Microsoft's identity strategy, are based on the FIDO2 standard, which pairs a cryptographic private key stored securely on a user's device with a public key held by the service provider. Because the private key never leaves the device and is unlocked using biometrics or a PIN, passkeys are resistant to phishing, credential stuffing, and man-in-the-middle attacks.
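The following sketch is an added illustration, not code from Microsoft or the FIDO Alliance. It shows the challenge-response idea behind the paragraph above: the service stores only a public key, and a signature made on a look-alike origin or replayed from an earlier sign-in is rejected. It is deliberately simplified (real WebAuthn signs authenticator data plus a hash of the client data and scopes credentials by RP ID); all function names and the `login.example` and `lookalike.example` origins are constructed for the example.

```javascript
const crypto = require('node:crypto');

// Registration: the device generates the key pair; only the public key is sent to the service.
function registerPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey }, serverRecord: { publicKey } };
}

// Service: a fresh random challenge for every sign-in attempt.
function newChallenge() {
  return crypto.randomBytes(32).toString('base64url');
}

// Device: signs the challenge together with the origin the browser is really on.
function signAssertion(device, challenge, browserOrigin) {
  const clientData = JSON.stringify({ type: 'webauthn.get', challenge, origin: browserOrigin });
  const signature = crypto.sign('sha256', Buffer.from(clientData), device.privateKey);
  return { clientData, signature };
}

// Service: check the signature first, then the challenge and origin it covers.
function verifyAssertion(serverRecord, expectedChallenge, expectedOrigin, assertion) {
  const sigOk = crypto.verify('sha256', Buffer.from(assertion.clientData),
                              serverRecord.publicKey, assertion.signature);
  if (!sigOk) return 'bad-signature';
  const data = JSON.parse(assertion.clientData);
  if (data.type !== 'webauthn.get') return 'wrong-type';
  if (data.challenge !== expectedChallenge) return 'stale-or-replayed-challenge';
  if (data.origin !== expectedOrigin) return 'origin-mismatch';
  return 'ok';
}

// Constructed scenario: one genuine sign-in, one on a look-alike site, one replay.
function demo() {
  const ORIGIN = 'https://login.example';
  const { device, serverRecord } = registerPasskey();
  const challenge = newChallenge();
  const genuine = signAssertion(device, challenge, ORIGIN);
  const lookalike = signAssertion(device, challenge, 'https://lookalike.example');
  return {
    genuine: verifyAssertion(serverRecord, challenge, ORIGIN, genuine),
    lookalike: verifyAssertion(serverRecord, challenge, ORIGIN, lookalike),
    replay: verifyAssertion(serverRecord, newChallenge(), ORIGIN, genuine),
  };
}

console.log(demo());
```

Because the origin is inside the signed data, rewriting it after the fact invalidates the signature, so there is no reusable secret for a phishing page to capture and forward.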
With the FIDO Alliance estimating that over 15 billion accounts now support passkeys, Microsoft's aggressive implementation strategy signals a broader industry shift. However, the company acknowledges that widespread adoption is still in progress and urges users to begin securing their accounts today.