Microsoft introduces passkeys for consumer login

Microsoft is now offering consumers the ability to log into Microsoft services with passkeys. With this, the company wants to offer an alternative to using vulnerable passwords and MFA, which can be bypassed.

Microsoft has been working for several years to find a (more secure) alternative to password login to its services or environments. For example, it introduced facial recognition called Windows Hello for logging into Windows 10 in 2015.

In recent years, Microsoft has continued to adapt passwordless technology to new FIDO standards. It also promised to join Google and Apple in moving to FIDO Alliance passkeys by 2022. Google already made logging in with passkeys the default login method last year. By now, 16 percent of Google accounts use it.

Logging in with passkeys

Microsoft’s move has now resulted in its own customers being able to use passkeys effective immediately. So logging into Microsoft 365 apps, as well as Copilot, for example, can now be done via passkeys. The same functionality for Microsoft’s mobile applications will become available in the coming weeks.

If consumers want to log in with passkeys, they can ask administrators to modify their Microsoft Entra ID (formerly Microsoft Active Directory) to do so. That supports functionality for passkeys hosted on a hardware security key or in the Microsoft Authenticator app.

Keypair needed for decryption

Passkeys are seen as the future of passwordless login. Passkeys use two unique keys; a cryptographic “key pair”. One key (private key) is stored on the device and is monitored via biometric identification or a PIN.

The other key (a public key) remains in the particular app or website logged into with a passkey. Both components are needed to log in.

Passkeys are also known as phishing-resistant because the combination is only valid for logging into a website or app for which it was specifically created. Logging into malicious websites is therefore not possible.

Microsoft requires MFA for Microsoft 365 admin center

Starting February 9, 2026, Microsoft will enforce multi-factor authentication (MFA) for all users who want to...

Berry Zwets 14 hours ago

Top story

Why did so many security vendors abandon MITRE’s stresstest?

This year, MITRE made headlines primarily because its leading vulnerability database was in danger of being d...

Erik van Klinken December 12, 2025

Top story

Sophos CEO sees “cybersecurity poverty line”: what to do about it?

We sit down with Sophos CEO Joe Levy during Pax8 Beyond to discuss, among other things, the progress of the S...

Sander Almekinders December 11, 2025

Expert Talks

Tech calendar

Stay tuned, subscribe!

Arm and Nvidia are on the prowl for physical AI’s ‘ChatGPT moment’

‘Ni8mare’ vulnerability affects n8n platform with a score of 10.0

DeepSeek breakthrough gives LLMs the highways it has long needed

In-depth conversation about Agentforce IT service and how it wants to change the ITSM market

Atlassian CTO on realistic AI: Rovo, data privacy & adoption

AI data centers: the road to 1 megawatt per rack explained

AFX is NetApp's data platform of the future with integrated AI data prep

Cybersecurity in 2026 demands managing human behavior and agentic AI

Digital sovereignty: from buzzword to business imperative

Why specialized LLMs are the future of generative AI

The year of the AI agents: why 2026 is about value, not technology

Appdevcon

Webdevcon

Dutch PHP Conference

De IT Afdeling van de toekomst

GITEX ASIA 2026

SAS Innovate 2026

Experience Synology’s latest enterprise backup solution

How to choose the right Enterprise Linux platform?

Enhance your data protection strategy for 2025

Strengthen your cybersecurity with DNS best practices