Prime Highlights:
- Microsoft will start removing passwords for more than 1 billion users in eight weeks.
- The company is encouraging passkeys as a safer, faster, and phishing-resistant replacement.
Key Facts:
- Microsoft blocks 7,000 password-based attacks every second.
- Adversary-in-the-middle phishing attacks have increased by 146% over the past year.
- Sign-ins using passkeys are three times faster and more secure than passwords.
Key Background:
In a significant security change, Microsoft has announced it will start removing traditional passwords for more than 1 billion users over the coming eight weeks. The move is motivated by the steep rise in cyberattacks, such as phishing and credential theft, against password-based systems. Microsoft said it now blocks nearly 7,000 password-based attacks every second, almost twice the number from last year.
To counter this growing threat, Microsoft is urging people to use passkeys, a new form of authentication that relies on device-based biometrics (such as facial recognition or fingerprint) or a PIN. Passkeys differ from regular passwords in that they are stored locally on users’ devices and provide greater resilience against phishing and credential-stuffing attacks.
Microsoft says user adoption of passkeys is already proving successful. Users are three times as likely to sign in using a passkey as they would be using a password, and 99% of users who initiate the passkey setup process follow through and complete it. Passkey sign-in is not only more secure but also much faster: up to three times as fast as passwords, and eight times faster than passwords and multifactor authentication together.
To speed this transition, Microsoft is introducing prompts to users upon account creation and password updates, encouraging them to generate passkeys. Although this temporary dual system of supporting both passwords and passkeys has been in effect, Microsoft now seeks to end passwords altogether and use only phishing-resistant credentials.
The decision is in concert with overall industry momentum as technology companies across the board are advocating for a passwordless future. Apple and Google are also investing in passkey technology, as they see how vulnerable passwords are to attack today.
As cyber attacks grow increasingly advanced, Microsoft’s transition to a passwordless environment is a major step forward in digital security—providing users with a more secure, easier, and quicker method of accessing accounts. The eight-week milestone is a turning point in Microsoft’s move toward the eventual elimination of the password, potentially transforming the way individuals engage with digital services worldwide.