Microsoft says passwords are no longer enough as it pushes passkeys

Microsoft claims regular passwords are no longer enough. As attacks use more sophisticated AI tools, the company pushes passkeys.

On World Password Day, the first Thursday of May, Microsoft published a blog post detailing the importance of shifting from traditional passwords to passkeys as security becomes more important amid more advanced attacks using AI and other sophisticated techniques.

In a new security blog post, the company says passkeys are becoming increasingly important. According to Microsoft, passwords remain one of the weakest links in online security. With credential leaks and phishing attacks, Microsoft argues that users should ditch traditional passwords and switch to passkeys.

Microsoft is already a major passkey proponent. Earlier this year, the company announced that new Microsoft accounts are now passwordless by default, allowing users to sign in with passkeys, biometrics, or security keys instead of traditional passwords. Existing users can also remove passwords from their accounts manually. Additionally, Windows 11 now has better passkey integration, which allows it to use passkeys stored in third-party managers like 1Password or Bitwarden. Microsoft will also let you sync passkeys from Microsoft Password Manager to iOS and Android via the Edge browser.

Passkeys offer a simpler and more secure authentication method because they rely on device-based verification, such as fingerprints, facial recognition, or PINs. Unlike passwords, passkeys are resistant to phishing attacks and cannot be easily stolen through fake login pages.

Microsoft is not alone in this effort either. The wider tech industry, including members of the FIDO Alliance, has been heavily promoting passkey adoption over the last year as part of a broader push toward passwordless authentication. As such, the FIDO Alliance estimates that 5 billion passkeys are already in use worldwide. Microsoft adds that "hundreds of millions of users" have already switched to passkeys for OneDrive, Xbox, and other Microsoft-made consumer services. The company itself switched its environment to passkeys:

Inside Microsoft, we’ve eliminated weaker authentication methods and rolled out phishing-resistant authentication, covering 99.6% of users and devices in our environment. It’s made signing in a lot simpler: no codes to enter, no extra prompts to manage, just a straightforward experience for everyone.

Microsoft also wants to make sure bad actors cannot phish out your account recovery data. Starting January 2027, security questions will no longer be able to reset Microsoft Entra ID passwords.

You can read more about the company's password-less efforts in a post on the official blog.

Source

Hope you enjoyed this news post. Feedback welcome.

Posted Saturday 9 May 2026 at 7:15 am AEST (my time).

News posts: 2023 5,800+ | 2024 5,700+ | 2025 5,700+ | 2026 (to end of April) 1,700

RIP Matrix