Microsoft is on a mission to delete passwords for a billion users, given that “the password era is ending.” The Windows-maker warns users that “bad actors know it, which is why they’re desperately accelerating password-related attacks while they still can.” And those attacks are now making headlines weekly.
The answer is passkeys, which link your account security to your physical device security, which means unless an attacker has access to your hardware and unlock method — biometric or PIN, they can’t bypass a password to login.
More than others, Microsoft is not just promoting passkeys but also password deletion: “If a user has both a passkey and a password, and both grant access to an account, the account is still at risk for phishing. Our ultimate goal is to remove passwords completely and have accounts that only support phishing-resistant credentials.”
The FIDO Alliance, the organization charged with promoting passkeys has taken to the internet airwaves this time around to “launch a Passkey Pledge to further accelerate [the] global movement away from passwords.”
Its latest research found that “over 35% of people had at least one of their accounts compromised due to password vulnerabilities, [and] 47% of consumers will abandon purchases if they have forgotten their password for that particular account. This is significant for passkey adoption, as 54% of people familiar with passkeys consider them to be more convenient than passwords, and 53% believe they offer greater security.”
FIDO has welcomed Microsoft’s password deletion as industry leading. “This is an exciting and seminal milestone as Microsoft is taking passwords out of play for over a billion user accounts,” its CEO Andrew Shikiar told me, “who can now instead leverage user-friendly, phishing-resistant passkeys. Microsoft’s leadership in doing so today will help encourage more service providers to do the same, which moves us collectively closer to the day when passwords are fully in our rear-view mirror.”
