



Microsoft announced today that commercial subscribers and the general public will now be able to sign in to Microsoft accounts and apps with a passkey, using their face, fingerprint, or device PIN.

The additional support for Microsoft consumer accounts works across Windows, Google, and Apple platforms, a move Redmond described as a step closer to the company's 10-year dream of a “password-free world.”

As of Thursday, users can now sign in to their Microsoft accounts with a passkey via desktop and mobile browsers, with mobile app support coming soon.

The timing is no coincidence: today is also World Password Day. Although the day is a made-up holiday, it is typically an opportunity for technology companies to show off their work moving away from requiring or encouraging users to somehow remember or write down their own strong passwords for each app or online service they use.

True to form, Google also commemorated the occasion by declaring that it had reached a milestone in its year-old passkey support.

“Today, we announced that passkeys have been used more than 1 billion times to authenticate users across more than 400 million Google accounts,” project managers Sriram Kara and Christian Brand said in a statement.

When Microsoft rolled out Windows Hello and Windows Hello for Business in 2015, it was detecting about 115 password attacks per second, said Vasu Jakkal, corporate VP of security, compliance, identity and management at Redmond, and Joy Chik, president of identity and network access.

As of 2023, that number has increased by 3,378% to over 4,000 per second.

“Password attacks are so popular because they still yield results,” Jakkal and Chik wrote in a blog post announcing passkey support.

“It is painfully clear that passwords alone are not enough to protect our lives online,” they said. “No matter how long and complex your password is, or how often you change it, there is still a risk.”

Passkeys are based on the FIDO Alliance standard, which is supported by Apple, Microsoft, and Google. Think of these as password replacements.

In a nutshell, the technology works as follows. When you create an account on a website or app, your device generates a cryptographic public-private key pair. The backend of the site or app gets a copy of the public key, and your device holds the private key. That private key stays secret on your device. When you try to log in, your device and the backend authentication system interact using these keys to prove who you are and allow you to log in. If you don't have your private key or can't prove you have it, you won't be able to log in.

Devices can protect private keys locally using biometric face scans, PINs, fingerprints, etc. So if someone wants to break into your account, they will need your device and your PIN or biometric scan in order to unlock the private key (or somehow get a copy of the private key). This is considered more secure than forcing users to remember or save their passwords, and ensures a unique key pair for each account. For those wondering about multi-factor authentication, it is built in to some degree: criminals typically need to obtain your physical device and your secret or body part to access your private key.

“This key pair combination is unique, so your passkey only works on the website or app you created it for, so you can't be tricked into signing into a similar, malicious website,” Microsoft explained. “This is why passkeys are said to be 'phish-proof.'”
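The key-pair sign-in and the site binding described above can be modelled in a few lines of Node.js. This is an added example, not code from Microsoft or the FIDO Alliance, and it is a simplified model rather than the real WebAuthn message format; the host names and function names are made up for illustration.

```javascript
// Simplified model of a passkey sign-in (assumption: not the WebAuthn wire format).
const nodeCrypto = require('node:crypto');

const sha256 = (data) => nodeCrypto.createHash('sha256').update(data).digest();

// Registration: the device creates a key pair scoped to one site (rpId).
// Only the public key leaves the device.
function createPasskey(rpId) {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }); // NIST P-256
  return {
    device: { rpId, privateKey }, // stays on the device
    server: { rpId, publicKey },  // stored by the backend
  };
}

// Sign-in, device side: sign the server's challenge together with the origin
// the browser is actually on. No passkey is offered for a different site.
function deviceSign(deviceKey, origin, challenge) {
  if (new URL(origin).hostname !== deviceKey.rpId) return null;
  const clientData = JSON.stringify({ challenge: challenge.toString('base64url'), origin });
  const signed = Buffer.concat([sha256(deviceKey.rpId), sha256(clientData)]);
  return { clientData, signature: nodeCrypto.sign('sha256', signed, deviceKey.privateKey) };
}

// Sign-in, server side: check the origin and challenge, then the signature.
function serverVerify(record, expectedOrigin, challenge, assertion) {
  if (!assertion) return false;
  const data = JSON.parse(assertion.clientData);
  if (data.origin !== expectedOrigin) return false;
  if (data.challenge !== challenge.toString('base64url')) return false;
  const signed = Buffer.concat([sha256(record.rpId), sha256(assertion.clientData)]);
  return nodeCrypto.verify('sha256', signed, record.publicKey, assertion.signature);
}

// Constructed walk-through with made-up host names.
function demo() {
  const origin = 'https://accounts.example';
  const { device, server } = createPasskey('accounts.example');
  const challenge = nodeCrypto.randomBytes(32);
  const ok = serverVerify(server, origin, challenge, deviceSign(device, origin, challenge));
  const lookalike = deviceSign(device, 'https://accounts-example.test', challenge);
  const stale = serverVerify(server, origin, nodeCrypto.randomBytes(32),
                             deviceSign(device, origin, challenge));
  return { ok, lookalikeOffered: lookalike !== null, staleAccepted: stale };
}
console.log(demo());
```

The genuine sign-in verifies, the lookalike site gets no assertion at all, and a signature over an old challenge is rejected, which is why a captured response cannot be replayed the way a captured password can.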

Ultimately, it means no more remembering uppercase letters, lowercase letters, numbers, special characters, and your first pet's name (for parakeets only) for every app or website you visit.

“The best part about Passkey is that you no longer have to worry about creating, forgetting, or resetting passwords,” say Jakkal and Chik.

To be fair, this is probably an exaggeration. Criminals are a cunning bunch and may find a way to defeat this modern approach. We're not talking about cutting off people's fingers or faces.

But on this World Password Day, we hope you can enjoy the simplicity and security of passkeys for at least another year.

