Microsoft introduces passkeys for consumer accounts

By: Vasu Jakkal, Corporate Vice President of Security, Compliance, Identity and Governance.

By: Joy Chik, President, Identity and Network Access.

Ten years ago, Microsoft envisioned a bold future: a world free of passwords. Every year, we celebrate World Password Day by updating you on our progress toward eliminating passwords for good. Today, we are announcing support for passkeys for Microsoft consumer accounts, the next step towards our vision of easy and secure access for all.

In 2015, when we introduced Windows Hello and Windows Hello for Business as secure ways to access Windows 10 without entering a password, our identity systems were detecting about 115 password attacks per second.1 Less than a decade later, that number has increased 3,378% to more than 4,000 password attacks per second.2 Password attacks are so popular because they keep getting results. It’s pretty clear that passwords are not enough to protect our online lives. No matter how long and complicated your password is, or how often it is changed, it is still a risk.

The good news is that we have come a long way to make passwords a relic of the past. For a while, you’ve been able to sign in to apps and websites with FIDO security keys, Windows Hello, or the Microsoft Authenticator app instead of a password. Since September 2021, you have not only been able to sign in to your Microsoft account without a password, but you have also been able to remove your password entirely.3 We are almost where we want to go.

And now there’s an even better way to log in to more places without passwords: passkeys.

The future of login

If you’re like many people, you probably still use passwords to log in to most of your websites and apps, most likely from multiple devices. This can translate into hundreds of passwords to remember, unless you use a password manager. With passkeys, instead of creating, managing, remembering, and entering passwords, you access your digital accounts the same way you unlock your device, usually with your face, fingerprint, or device PIN. More and more apps and services are adding support for passkeys; you can now use them to log in to the most popular ones. Passkeys are so much easier and more secure than passwords that we predict that passkeys will replace passwords almost completely (and we hope this will happen soon).

Starting today, you can use a passkey to access your Microsoft account with your face, fingerprint, or device PIN on Windows, Google, and Apple platforms. Your passkey gives you quick and easy access to the Microsoft services you use every day, and it will do a much better job than your password at protecting your account from malicious attacks.

Easier and safer than passwords

Think about how many times and how many places you log in with a password every day. Is it 10? Fifty? Not only is it a frustrating experience, but it is also an unreliable way to protect a digital account. Here’s why: when you enter a password to log into an account, you’re essentially sharing a secret with the website or app to prove that you should have access to the account. The problem is that anyone who gets hold of this secret can access your account, and if your password is compromised and appears on the dark web, the repercussions can be serious.

To make your credentials more secure, an app or website may ask you to make your password longer or more complex. But even if you follow all the best practices for creating “secure” passwords, it’s still a trivial exercise for hackers to guess, steal, or trick you into revealing them.

You may have experienced an attack yourself: you click on a link in an email that looks legitimate, which takes you to a website that looks like the one you’re used to, asking you to enter your credentials. But when you do, nothing happens or you get an error message. By the time you notice that the URL in your browser’s address bar is different than usual, it is too late. You have just become a victim of phishing by a malicious website.

Many app and website providers understand that even complicated passwords aren’t that great at protecting your account, so they give you the option of using two-step or multi-factor authentication with approvals and codes sent to your phone, email or an application. While traditional multi-factor authentication can help protect your account, it’s not attacker-proof and creates another frustrating barrier between you and your content: all of these login attempts, passwords, and codes across all your devices can really add up.

That’s why we’re so excited about passkeys.

How passkeys work

Passkeys work differently than passwords. Instead of a single vulnerable secret, passkey access uses two unique keys, known as a cryptographic key pair. One key is stored securely on your device, protected by your biometrics or PIN. The other key stays with the app or website for which you create the passkey. You need both parts of the key pair to log in, just like you need both your key and the bank’s key to get into your safe deposit box.

Because this key pair combination is unique, your passkey will only work on the website or app you created it for, so you can’t be tricked into logging in to a similar malicious website. This is why we say that passkeys are “phishing resistant.”

And even better, all the goodness and strength of cryptographic authentication stays behind the scenes. All you have to do to log in is use your device’s unlock gesture: look at your device’s camera, press your finger on a fingerprint reader, or enter your PIN. Neither your biometric information nor your PIN ever leaves your device, and neither is shared with the site or service you log in to. Passkeys can also be synced between your devices, so if you lose or upgrade your device, your passkeys will be ready and waiting for you when you set up the new one.

The best part about passkeys is that you will never have to worry about creating, forgetting, or resetting passwords again.
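The key pair and the site binding described in this section can be shown in a few lines of Node.js. This is an added example, not Microsoft's code: it is a simplified model of a passkey sign-in (real responses carry more fields), and the `.example` origins and all function names are constructed for illustration.

```javascript
// Added illustration, not Microsoft's code. Origins and helper names are constructed.
const nodeCrypto = require('crypto');
const sha256 = (data) => nodeCrypto.createHash('sha256').update(data).digest();

// Device side: one private key per site (rpId); it never leaves this object.
function createAuthenticator() {
  const keys = new Map();
  return {
    register(rpId) {
      const { publicKey, privateKey } =
        nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
      keys.set(rpId, privateKey);
      return publicKey; // only the public key is sent to the site
    },
    // `origin` is reported by the browser, not chosen by the page.
    sign(origin, challenge) {
      const rpId = new URL(origin).hostname;
      const privateKey = keys.get(rpId);
      if (!privateKey) return null; // no passkey exists for this site
      const clientData = Buffer.from(JSON.stringify({ origin, challenge }));
      const authData = sha256(rpId);
      const signed = Buffer.concat([authData, sha256(clientData)]);
      return { clientData, authData, signature: nodeCrypto.sign('sha256', signed, privateKey) };
    },
  };
}

// Site side: holds only the public key and checks each sign-in response.
function verifyAssertion(expected, publicKey, assertion) {
  if (!assertion) return false;
  const { origin, challenge } = JSON.parse(assertion.clientData.toString());
  if (origin !== expected.origin || challenge !== expected.challenge) return false;
  if (!assertion.authData.equals(sha256(expected.rpId))) return false;
  const signed = Buffer.concat([assertion.authData, sha256(assertion.clientData)]);
  return nodeCrypto.verify('sha256', signed, publicKey, assertion.signature);
}

function demo() {
  const site = { origin: 'https://accounts.example', rpId: 'accounts.example' };
  const lookalike = 'https://accounts-secure.example';
  const device = createAuthenticator();
  const publicKey = device.register(site.rpId);
  const expected = { ...site, challenge: nodeCrypto.randomBytes(32).toString('hex') };
  const genuine = verifyAssertion(expected, publicKey, device.sign(site.origin, expected.challenge));
  const noPasskey = device.sign(lookalike, expected.challenge) === null;
  device.register(new URL(lookalike).hostname); // even with its own passkey...
  const relayed = verifyAssertion(expected, publicKey, device.sign(lookalike, expected.challenge));
  return { genuine, noPasskey, relayed }; // ...a relayed response is rejected
}
```

`demo()` returns `genuine: true` for the real site, while the look-alike origin either finds no passkey at all or produces a response the real site rejects.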

Creating a passkey for your Microsoft account

Creating a passkey for your Microsoft account is easy. On the device you want to create the passkey on, follow this link and choose the face, fingerprint, PIN or security key option. Then follow the instructions for your device.

For more information on how to create passkeys for your Microsoft account, visit this guide.

Sign in to your Microsoft account with a passkey

When you sign in to your Microsoft account, you can use your passkey by choosing Login Options and then selecting face, fingerprint, PIN or security key. Your device will open a security window and you can then use your passkey to log in.

Figure 1. Sign in to your Microsoft account on mobile devices.

Today, you can use a passkey to sign in to Microsoft apps and websites, including Microsoft 365 and Copilot on desktop and mobile browsers. Signing in to mobile versions of Microsoft apps with the passkey will be supported in the coming weeks.

If you want to use passkeys to sign in to work-related apps and services, your administrator can configure Microsoft Entra ID to accept passkeys hosted on a hardware security key or in the Microsoft Authenticator app installed on your mobile device.

In this age of AI, there is an unprecedented opportunity for creativity and productivity that enables everyone on the planet, including the billions of Microsoft users who access services for work and life every day, to achieve more. Protecting and accessing your digital life doesn’t have to be a hassle, and you shouldn’t have to choose between simple access and secure access. Accessing your Microsoft account with a passkey allows you to leave the frustration of passwords and codes behind, so you can focus on being creative and getting things done.

Happy World Password Day!

Learn more

To learn more about Microsoft security solutions, visit our website. Bookmark the security blog to stay up to date with our expert coverage of security issues. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest cybersecurity news and updates.

1 Microsoft Password Guide, Microsoft Identity Protection Team.

2 Microsoft Entra expands to Security Service Edge and Azure AD becomes Microsoft Entra ID, Joy Chik. July 11, 2023.

3 The passwordless future is here for your Microsoft account, Vasu Jakkal. September 15, 2021.

 