Microsoft now uses passkeys by default for all new accounts, helping its users stay secure by ensuring that their passwords can’t be stolen by not having one. Microsoft will ask you for an email address when creating an account for the first time. It will then send a verification code to confirm your identity, and once done, it will become your default credential for your new account.
After you’ve created your Microsoft account and signed in, the company will ask you to add a passkey. Once you have done so, you can use Windows Hello or your device’s biometric security features to access your account.
Passkeys have been around for almost a decade, with Windows 10 getting support for passwordless sign-in in July 2015. However, it took some time for the standard to gain traction, with Google, Apple, and Microsoft rolling it out to their respective operating systems in 2022.
Furthermore, personal Microsoft accounts only received this feature in 2024. Still, this is a welcome development, as it will make accessing your Microsoft account easier and more secure. After all, this is one less password you need to remember among the hundreds, if not thousands, of passwords you keep for your numerous accounts.
Microsoft wants to kill passwords
The company has updated the user experience for its login pages by detecting the best authentication method from the start instead of offering all the possible options.
“For example, if you have a password and “one-time code” set up on your account, we’ll prompt you to sign in with your one-time code instead of your password. After you’re signed in, you’ll be prompted to enroll a passkey. Then the next time you sign in, you’ll be prompted to sign in with your passkey,” said Microsoft Identity & Network Access President Joy Chik and Microsoft Security Corporate VP Vasu Jakkal. “This simplified experience gets you signed in faster and, in our experiments, has reduced password use by over 20%. As more people enroll passkeys, the number of password authentications will continue to decline until we can eventually remove password support altogether.”
Passwordless accounts will make it harder for bad actors to illicitly access accounts, as they can no longer steal credentials through phishing, keylogging, SIM swapping, and more. And even if you lose your passkey device, you’re still protected, as anyone who wants to access your data must use your biometrics to open it. Someone determined and with unlimited resources might still be able to circumvent passkey protection, but for the average person, this should be more than enough to increase their data security.
Follow Tom's Hardware on Google News to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button.
