As passwords slowly go extinct, Microsoft is introducing another way to log in to your consumer account.
The company said Thursday that users logging in to Microsoft 365 workplace software, Copilot, Xbox and Skype can now use “passkeys” rather than traditional passwords or an authenticator app. That means whatever biometric authentication (such as a thumbprint or face ID) you use to open your phone or computer will be all you need to access your Microsoft account. Passkeys are available on desktop and mobile browsers starting Thursday, with support for mobile apps in the coming weeks, the company said.
Cybersecurity professionals and organizations such as the FIDO Alliance, an industry group that includes Amazon, Apple, Google and Meta, have been pushing consumer tech companies to retire “shared secret” passwords for the past decade. These passwords aren’t so secret – because people have so many to remember, they constantly lose or forget passwords, which leads to lost time and money for consumers and companies alike. Hackers, meanwhile, steal passwords in data breaches. Last year there were more than 3,000 breaches in the United States alone, according to the Identity Theft Resource Center. Microsoft says its identity systems detect around 4,000 password attacks each second.
Passkeys, on the other hand, can’t be stolen or forgotten. They’re strings of letters and numbers that are unique to your account, stored on your device or in a safe cloud environment. You don’t need to memorize them – they’ll automatically unlock your accounts when you go to log in.
Microsoft has been working on passkeys since FIDO introduced the technology two years ago, said Vasu Jakkal, corporate vice president of Microsoft security. The company wanted to wait to release passkeys until they could function across consumer accounts, Jakkal added.
Many sites have adopted passkeys, including Uber, TikTok, Amazon, PayPal and Nintendo. Here’s how to set them up for your Microsoft accounts.
– – –
How do I set up a passkey?
Go to https://login.live.com/ and select a method – face, fingerprint or PIN – to unlock your passkey. Going forward, you’ll select “Sign-in options” to log in with your passkey.
You may decide to turn on passkeys for other eligible accounts as well. To set up a passkey for Google (which includes Gmail and YouTube), open any Google app, click on your profile icon in the top right corner and go to “Manage your Google Account.” From there, go to “Security” in the left-hand menu, scroll to “How you sign in to Google” and turn on passkeys.
If you use a password manager such as Dashlane, 1Password, Apple or Google to store your passwords, you can save passkeys the same way. Your manager of choice should prompt you to save the passkey when you set it up.
– – –
Should I trust biometric authentication?
You can access your passkeys through the same biometric authentication you use to unlock your device – and yes, this method is safe and private.
Neither your device nor a company like Microsoft gets a copy of your face or fingerprint. Instead, your device uses some measurements of your face or thumbprint to create a mathematical representation of you. If your face or thumb matches this profile, your device sends the green light to Microsoft, saying it’s really you trying to log in.
Biometrics are more secure than traditional passwords, experts agree. But if you can’t or don’t want to use face or fingerprint ID, you can still secure your passkey behind a PIN or password.
– – –
What if I share my account?
Shared devices and accounts – such as a library computer or family email address – can be a challenge for passkey users, said FIDO Alliance Executive Director Andrew Shikiar. Some password managers such as Apple’s let you share passkeys with people in your contacts.
If you share a Microsoft account with someone else, it might be easiest to log in with a safe option like the Microsoft Authenticator app, which you can download on multiple devices linked to the same account.
– – –
Can I keep using my password?
Yep – if you really don’t want to set up a passkey, you can continue using a traditional password. Keep in mind, though: About two-thirds of people familiar with passkeys find them more convenient than passwords, a FIDO survey estimated.
Biometric surveillance is a way to collect personal information about you and keep your DNA fingerprint or facial ID in store. I would say: keep away from these passkeys for your own good.
Agreed.
There is at least one troll who regularly posts misinformation on this site, but this suggestion is a sound one, not trolling and people should take it seriously. Once Microsoft has your biometric information, it’s just one hack away from falling into the hands of the bad guys, and unlike a password you can’t ever change your fingerprints, retinal scan, or other biometric data.
It’s mainstream media posting misinformation, not posters trolling.