Microsoft introduces passkeys for consumer login

Microsoft is now offering consumers the ability to log into Microsoft services with passkeys. With this, the company wants to offer an alternative to using vulnerable passwords and MFA, which can be bypassed.

Microsoft has been working for several years to find a (more secure) alternative to password login to its services or environments. For example, it introduced facial recognition called Windows Hello for logging into Windows 10 in 2015.

In recent years, Microsoft has continued to adapt passwordless technology to new FIDO standards. It also promised to join Google and Apple in moving to FIDO Alliance passkeys by 2022. Google already made logging in with passkeys the default login method last year. By now, 16 percent of Google accounts use it.

Logging in with passkeys

Microsoft’s move has now resulted in its own customers being able to use passkeys effective immediately. So logging into Microsoft 365 apps, as well as Copilot, for example, can now be done via passkeys. The same functionality for Microsoft’s mobile applications will become available in the coming weeks.

If consumers want to log in with passkeys, they can ask administrators to modify their Microsoft Entra ID (formerly Microsoft Active Directory) to do so. That supports functionality for passkeys hosted on a hardware security key or in the Microsoft Authenticator app.

Keypair needed for decryption

Passkeys are seen as the future of passwordless login. Passkeys use two unique keys; a cryptographic “key pair”. One key (private key) is stored on the device and is monitored via biometric identification or a PIN.

The other key (a public key) remains in the particular app or website logged into with a passkey. Both components are needed to log in.

Passkeys are also known as phishing-resistant because the combination is only valid for logging into a website or app for which it was specifically created. Logging into malicious websites is therefore not possible.

Keyfactor and IBM accelerate quantum-secure transition

Keyfactor and IBM Consulting are launching a joint solution that helps companies map their cryptographic syst...

Berry Zwets 5 hours ago

Skeleton Key campaign exploits trusted RMM tools

Attackers are increasingly bypassing traditional malware defenses by exploiting legitimate remote monitoring ...

Berry Zwets 4 hours ago

Top story

What are the cyber threats to the Winter Olympics?

Major sporting events are popular targets for cyber attackers. There are therefore plenty of risks for the Wi...

Erik van Klinken 1 day ago

Top story

What Aikido teaches us about software and security

What does the rise of a European security unicorn mean for your department?

William Visterin 3 days ago

Expert Talks

Stay tuned, subscribe!

How does agentic ops transform IT troubleshooting?

Dynatrace provides Dutch Translink insights into complex processes in public transport transactions

ClickHouse, the open-source challenger to Snowflake and Databricks

Why your SOC needs a ROC, according to Qualys

Workday Rising EMEA: platform transformation: Pipedream, AI agents and sovereignty

Why 90% of Salesforce Agentforce deployments start with service

How Cisco's AI Canvas is revolutionizing network troubleshooting

Secure networking: the foundation for the AI era

Why AI adoption requires a dedicated approach to cyber governance

Professional print materials for European tech events, why booth design still makes the difference

AI audit trails: the next step toward responsible AI for businesses

Rocket Fuel Factory

Appdevcon

Webdevcon

Dutch PHP Conference

De IT Afdeling van de toekomst

GITEX ASIA 2026

Experience Synology’s latest enterprise backup solution

How to choose the right Enterprise Linux platform?

Enhance your data protection strategy for 2025

Strengthen your cybersecurity with DNS best practices