Microsoft accounts will encourage you to move away from passwords and adopt a passkey instead.

      Microsoft joined the movement towards passkeys in May of last year, and today, the company has announced a new measure to enhance security for users of Windows PCs and other Microsoft services. Going forward, all new Microsoft accounts will be set up to operate without passwords by default, offering both convenience and improved security.

      Envision a scenario where remembering complicated passwords is unnecessary, and where hackers find it difficult to compromise your Microsoft account. The answer to achieving that secure environment is passkeys, which serve as digital keys, transforming your trusted devices into login keys.

      These digital keys are safeguarded by biometric locks. When you attempt to log in next time, you will receive a prompt on your mobile device or PC, and you just need to confirm your identity using face recognition, a fingerprint scan, or by entering the password for the device.

      What is changing?

      According to a security update from the company, "New users will have various passwordless options for signing into their account and they will never need to set a password." Existing Microsoft account users can remove saved passwords from their account dashboard and completely switch to passkeys.

      Users who have two-factor authentication (2FA) enabled will no longer be prompted to enter their password. Instead, they will be directly requested to input the 2FA code received via SMS or email. The next time they log in, they will skip the step of retrieving the 2FA code and will simply access their account using passkeys.

      Google, Apple, and Microsoft have all embraced the passkey concept. Passkeys are generated using cryptographic methods adhering to the FIDO security protocols. The key that allows login for any service is kept securely on the user's device.

      How to use a passkey?

      These private keys can only be utilized once users confirm their identity via a fingerprint or face scan, or by unlocking their device with a PIN or password. If you are part of the Windows ecosystem and wish to activate passkeys for your Microsoft account, the recommended approach is to utilize the Authenticator app.

      This app is available on both Android and iOS platforms. After registering the passkey, users simply need to enable it in the settings app. On Android devices, they can toggle the Authenticator option in the Passwords & Accounts section of the Settings app.

      For Apple devices, it must be activated within the Autofill & Passwords section of the Settings app. Passkeys are compatible with Windows 10 and 11, macOS Ventura and later versions, iOS 16, Android 9, Chrome OS 109, Microsoft Edge (version 109), Safari (version 16), and mobile Chrome.

      If you prefer not to use Microsoft's authenticator app, you have the option to store passkeys in third-party applications, such as 1Password. Regardless, all passkey data is end-to-end encrypted and relies on the PC’s TPM (Trusted Platform Module) for protection.