Microsoft introduces passkeys for consumer login

Microsoft is now offering consumers the ability to log into Microsoft services with passkeys. With this, the company wants to offer an alternative to using vulnerable passwords and MFA, which can be bypassed.

Microsoft has been working for several years to find a (more secure) alternative to password login to its services or environments. For example, it introduced facial recognition called Windows Hello for logging into Windows 10 in 2015.

In recent years, Microsoft has continued to adapt passwordless technology to new FIDO standards. It also promised to join Google and Apple in moving to FIDO Alliance passkeys by 2022. Google already made logging in with passkeys the default login method last year. By now, 16 percent of Google accounts use it.

Logging in with passkeys

Microsoft’s move has now resulted in its own customers being able to use passkeys effective immediately. So logging into Microsoft 365 apps, as well as Copilot, for example, can now be done via passkeys. The same functionality for Microsoft’s mobile applications will become available in the coming weeks.

If consumers want to log in with passkeys, they can ask administrators to modify their Microsoft Entra ID (formerly Microsoft Active Directory) to do so. That supports functionality for passkeys hosted on a hardware security key or in the Microsoft Authenticator app.

Keypair needed for decryption

Passkeys are seen as the future of passwordless login. Passkeys use two unique keys; a cryptographic “key pair”. One key (private key) is stored on the device and is monitored via biometric identification or a PIN.

The other key (a public key) remains in the particular app or website logged into with a passkey. Both components are needed to log in.

Passkeys are also known as phishing-resistant because the combination is only valid for logging into a website or app for which it was specifically created. Logging into malicious websites is therefore not possible.

Rubrik and CrowdStrike expand identity security with rollback feature

Rubrik Identity Resilience integrates with CrowdStrike Falcon Next-Gen Identity Security. The expanded collab...

Berry Zwets 1 hour ago

API attacks are skyrocketing: 40,000 incidents in six months

API attacks reached a record high in the first half of 2025, with more than 40,000 incidents recorded. Cyberc...

Berry Zwets 8 hours ago

Top story

IGEL benefits from seismic VMware and Windows 10 shifts

No matter how strong IT security is, cyberattacks are almost impossible to prevent. IGEL argues that endpoint...

Erik van Klinken August 22, 2025

Top story

Infoblox turns DNS into cybersecurity’s first line of defense

Infoblox positions DNS as the earliest point of cyber threat prevention, claiming to block malicious infrastr...

Berry Zwets September 2, 2025

Expert Talks

Tech calendar

Stay tuned, subscribe!

Cisco brings Splunk to the data, wherever it is

Microsoft purchases 50 hectares for Dutch data center expansion

The AI world is shifting: Microsoft chooses Anthropic, OpenAI opts for Oracle

Rise with SAP vs Grow with SAP: the different SAP ERP journeys

HPE's rise as a credible virtualization player started with Morpheus acquisition

Evolution of private 5G and Wi-Fi: is convergence on the horizon?

Oracle Database @ AWS: best of both worlds?

The AI productivity mirage: why leaders are aiming at the wrong target

Meeting future workload demands: the case for emerging memory technologies

How AI and automation are redefining ROI in the enterprise

Enhancing video encoding: The AV1 support in the new ARTPEC-9 System-on-Chip

VeeamON Tour 2025

IT Arena

National 6G Conference

Innovation Week 2025

Luxembourg Venture Days

Appdevcon

Experience Synology’s latest enterprise backup solution

How to choose the right Enterprise Linux platform?

Enhance your data protection strategy for 2025

Strengthen your cybersecurity with DNS best practices