Microsoft is extending support for passkeys (access keys) a little further, by generalizing them to individual accounts. The software giant has never moved further away from passwords than it does today.
It’s quite a paradox. May 2 is traditionally World Password Day. The opportunity to remember, for example, that it is necessary to respect a sufficient length to have secure codes. Or that we can no longer tolerate “admin/password” type combinations. However, it is this day that Microsoft chose to distance itself a little more… from passwords.
Indeed, the American company took the opportunity of World Password Day to praise its latest initiative: the availability of passwords for all personal Microsoft accounts. This announcement, made on May 2 on his blog, is part of an already old policy. The company has been trying to move away from passwords for almost ten years.
Passkeys, which are commonly translated as access keys, are designed to replace passwords, which suffer from a few flaws. Passkeys are working to correct them. This includes better resistance to phishing and data leaks, two problems that arise very regularly.
In its operation, the passkey is robust by default and generates a pair of keys for each site (one public, one private). This mechanism avoids problems if the public key leaks, because it only works with the private key. These key pairs are unique for each site or service, which has the effect of compartmentalizing everything.
The benefits and operation of passkeys are, by all accounts, superior to passwords. Another advantage: they were not designed to be memorized, which avoids getting your brain in knots (or giving in to the easy way, by always typing the same passwords). To store them, we can use password managers.
According to Microsoft, passkeys are now used to sign in to Microsoft apps and websites, including Microsoft 365 and Copilot on desktop and mobile browsers. In the coming weeks, support for signing in to mobile versions of Microsoft apps with Passkeys will be expanded.
Ten years of effort to move away from passwords
Before arriving at passwords, Microsoft had ten years during which it gradually deployed options to bring about a future without passwords. As early as July 2015, for example, the company included the ability to log into Windows 10 using facial recognition. This is the Windows Hello mechanism.
During the years that followed, Microsoft pushed its efforts to different levels: support for physical FIDO security keys, passwordless authentication for browsers (Edge, Firefox, Chrome) via Windows Hello, FIDO2 certification for Windows 10, or the increased role of the Microsoft Authenticator application.
The big shift, however, took place in 2022, with the commitment that Microsoft, Google and Apple made together to support passkeys to get rid of passwords. Since then, each member of the trio has deployed notable means to adapt their ecosystem to a world without passwords. And the rest of the industry follows.
Over the past two years, tech has largely moved towards passports: PayPal, Proton, TikTok, WhatsApp, the PlayStation Network and many others. There is a site that lists all the sites and services that are compatible with passkeys. Even password managers have gotten into it, to be ready for the day these codes disappear.
Do you want to know everything about the mobility of tomorrow, from electric cars to e-bikes? Subscribe now to our Watt Else newsletter!