Microsoft has officially declared war on the password. In a sweeping update affecting more than a billion users, the company is making it clear—it’s time to ditch your Microsoft account password for good. This is just the latest move in Microsoft’s passkey update, which aims to move all users away from the security wyas of olden days.
Starting in April, Microsoft will begin rolling out a new sign-in and account creation experience that puts passkeys at the center. “Our ultimate goal is to remove passwords completely,” the company said in a security update posted in December.
Microsoft says it now blocks around 7,000 password-related attacks per second, nearly double the rate from last year. With AI-fueled phishing attempts and increasingly clever hacks, passwords—no matter how long or quirky—just aren’t holding up. Forcing a passkey on Microsoft users seems to be the easiest way to address the problem.
That’s where the passkey comes in. This credential is tied to your physical device and unlocked by something only you have—like a fingerprint, face scan, or device PIN. Unlike a password, a passkey can’t be phished, guessed, or intercepted. It’s stored securely on your device and never leaves it.
More importantly, it’s fast. Microsoft says passkeys are not only more secure but three times faster than typing in a traditional password. And the transition is already underway.
When creating a new Microsoft account, you won’t be asked to set a password. Instead, you’ll verify your email once and then create a passkey. For existing accounts, the sign-in experience is being redesigned to push passkeys as the default to nudge users toward a truly passwordless future.
That’s because having a passkey isn’t enough if you’re still keeping the old password around “just in case.” According to Microsoft, that’s like locking your front door but leaving the window wide open for anyone to enter.
The presence of a password—even as a backup—leaves your account open to phishing, brute-force attacks, and social engineering scams. That’s why the company says this isn’t just a shift in preference. Microsoft’s passkey update is a massive security imperative.
Millions of users have already deleted their passwords, according to Microsoft. And this change is about scaling that momentum across its entire user base.
Microsoft’s bold move sets a new bar—but not everyone is sprinting toward it. Google, for instance, still supports passwords as fallback credentials, which keeps that potential vulnerability alive.
Security researchers and privacy advocates argue that consistency across platforms will be key to making passwordless systems mainstream. For now, Microsoft is leading the charge, both in tech and in messaging clarity.
