Microsoft recently announced that starting this month, all new Microsoft accounts will be passwordless by default.
Instead, accounts will use a passkey, which involves a fingerprint, face ID, or PIN.
Although they are not yet forcing customers to stop using passwords, Microsoft’s goal is to “eventually remove password support altogether,” as stated in their May 1st post.
There are advantages and risks in switching to passkeys.
Advantages of Passkey Use
Some are excited to move away from passwords, which are difficult to remember or store and, if stored in a browser, can be easily stolen by cybercriminals. Microsoft cited concerns over passwords’ vulnerability to cyberattacks in their announcement of the passkey switch. Last year, there were “a staggering 7,000 password attacks per second,” which was “more than double the rate from 2023.” Thus, their shift to passkeys is not intended to decrease security, but to use a different method that may not be as vulnerable to attack.
Another advantage of passkeys is swifter and more successful logins. Microsoft points out that users experienced a much higher success rate of logging into their accounts on the first try with a passkey as opposed to a password, and in a shorter period of time.
Risks of Passkey Use
Others, however, have privacy concerns about the use of passkeys. The foremost concern is the use and storage of sensitive biometric information. As tech companies have often sold users’ data without informing them, entrusting these companies with even more personal data may not go well given their past conduct.
Next, although passkeys are less vulnerable to being stolen by cybercriminals, if biometric passkeys are compromised, cybercriminals gain a permanent means of entry into individuals’ information. Unlike a password, which can be changed, a user cannot change his or her fingerprints or face. This exposes the user to far longer-term threats than would occur with a breached password that could be reset.
Also, passkeys are tied to specific devices. If users change phones without the information being backed up, they could be locked out of their accounts.
—
Microsoft’s announcement represents a major shift in the online world. In fact, the company is working towards a future in which all websites can be logged into using biometrics. While the specifics of how this will be accomplished are still unclear, their announcement does draw attention to ever-shifting cybersecurity threats and tech companies’ search for the best means to combat them.
