You probably forgot to buy a cake to celebrate World Passkey Day in May, but if tech giants have their way you’ll soon be celebrating passkeys every day of the year as Microsoft prepares to relocate your passwords and push users towards using passkeys instead.
The Microsoft Authenticator app — which stores passwords and uses biometrics to verify your identity so they can be used in apps like the Microsoft Edge browser — stopped allowing passwords to be added in June and stopped autofilling passwords in July.
The biggest change to Authenticator, however, will come in August when saved passwords will no longer be accessible in the app — a significant change which is likely to catch out many users, for whom it will look like their passwords simply disappeared.
Don’t worry: contrary to some reports, Microsoft isn’t going to delete all of your passwords — just the ones the app has automatically generated, if you have not already saved them for regular use.
Your saved passwords will be moved to your Microsoft Account, which you can designate in iOS or Android as your preferred autofill provider — meaning Edge and other applications can source all the passwords from one centralised account.
If you regularly use Authenticator, the move will change your workflow, yet while Microsoft says it’s “streamlining autofill so you can use saved passwords easily across devices”, the change is also part of its plan to make passkeys ubiquitous.
A more secure way to log in
Despite going passwordless, Authenticator will continue to support passkeys, the phishing-proof encrypted authentication tokens that enable you to securely log in to websites without a password.
Defined by the FIDO Alliance’s FIDO2 standard, passkeys have rapidly become widely available, with all major web browsers supporting the encrypted codes and 75 per cent of devices said to be ready for passkeys as of early July.
Those passkeys are stored on registered devices or by centralised services like Microsoft Authenticator, and authenticated during login using methods such as scanning your face or fingerprint, or entering a PIN.
A FIDO Alliance survey of 1,389 end users released in May found 75 per cent of consumers were now aware of passkeys and 69 per cent enabled passkeys on at least one account, while 38 per cent said they enabled passkeys wherever possible.
Passkeys use biometrics or a PIN to securely log in without using a password. Image: FIDO Alliance
Why tech giants are pushing for passkeys
With recent leaks exposing billions of passwords for exploitation by cybercriminals, password compromise had hit the survey respondents hard, with 36 per cent saying they had at least one account compromised due to weak or stolen passwords.
Tech giants are actively working to force users to switch to passkeys, with Microsoft’s Authenticator change part of a plan that also saw it recently start forcing users to adopt passkeys when signing up for Microsoft Accounts.
Other major tech firms are getting onboard, with social media giant Meta beginning to roll out passkey support in Facebook in June, with its Messenger platform soon to follow.
Amazon is a big fan of passkeys — as is Google, which has updated Chrome with support for third-party autofill services like Microsoft Authenticator and has pushed passkeys hard, automatically creating them when it recently urged its two billion Gmail users to change their passwords.
Since it launched in April, over 100 companies have signed up for the FIDO Alliance’s Passkey Pledge — a voluntary way of publicly declaring support for the standard as individual firms join major tech companies to make passkeys ubiquitous.
Recent research found 48 per cent of consumers would trust a service that offered passkeys for authentication, Thales senior solution consultant Mohammad Shah Beikian said during a webinar in which he called the new technology “fantastic”.
Passkeys “are much more secure compared with passwords”, he explained, “and much easier to use so you get both security and user experience”.
“… If you are an IT organisation trying to help your customers reach the passwordless stage, it’s about ease of use.”
