Passwords have been the entrance key to our digital life for decades. But his reign is in decline. Not only because of the safety risks that they entail when they are used alone, but because more modern, effective and easy to use alternatives have emerged. Passkeys are the great commitment of the industry to replace them, and Microsoft has just taken a decisive step to make this a daily reality.
Create an account without defining a key. From now on, anyone can create a Microsoft account without having to establish a password. And it is not a secondary option: it is the new default behavior. We have tried it and the process is really simple.
When accessing account An email is requested as a verification method, the code sent to that email is introduced and we are offered to “log in with the face, fingerprint or pin”. Neither trace of fields to write complex passwords nor arbitrary requirements. When continuing, a passkey is generated that is automatically saved in the device manager, such as Icloud Keychain in the case of Safari, or in the browser itself if we use Edge or Chrome.
Passkeys are placed in the center. This change is part of a broader strategy that Microsoft has developed together with the Fido Alliance and other great technological ones. Passkeys are cryptographic keys based on open standards, designed to offer faster, safer and faster access to phishing. Instead of storing a password on a server, what is saved is a public key. The private key, the one that authentic the user, remains on his device and is never shared.
Thanks to this design, the passkeys eliminate the classic attack vectors. There is nothing to intercept, steal or guess. And the best thing is that they work with a single gesture: unlock the device as we do daily.
What Microsoft says. The company ensures that almost one million passkeys register every day in their services. And their internal figures reinforce the bet: users who log in with Passkey have a 98% success rate, compared to 32% of those who try with password and two steps verification. In addition, log in with Passkey, they claim, it is up to eight times faster.
“We believe that a good user experience and good security go hand in hand,” says Microsoft. In fact, its new registration and login flow always prioritizes options without password. If it detects that the user already has a passkey or an alternative authentication system configured, he will use it by default. The classical password only appears as the last resort. In internal tests, this experience has reduced the use of passwords by more than 20%.
A transition underway, but with nuances. This is not the immediate end of passwords, but the beginning of its decline. Although Microsoft maintains the possibility of using passwords in existing accounts, it encourages users to eliminate them from the configuration. In parallel, it works to minimize its use in each login.
In any case, the comfort of the Passkeys should not make us forget an important point: you have to know where and how we store them. If all synchronized devices are lost, we will need to have configured recovery options (if available in the service we have chosen to store them).
An response to the rise of cyber attacks. The industry moves because the attackers also do it. According to Microsoft, password -based attacks exceeded 7,000 attempts per second last year, more than double than in 2023. As the passkeys adopt more, the focus of the attackers is concentrated in traditional methods.
Fido Alliance estimates that more than 15,000 million accounts can already use Passkeys instead of passwords. But there is still on his way. The adoption is growing rapidly, with companies such as Google, Paypal, Shopify or Yahoo! Japan implementing these access keys in their systems.
Change of era. Passkeys are not just a technical advance. They represent a cultural transformation in the way we understand digital security. A more fluid experience, without keys to remember, without codes to introduce, although still with pending improvements. Now, with Microsoft as one of the most active drivers, it seems that the era without passwords is closer to consolidating.
Images | Microsoft | Screen capture
In WorldOfSoftware | How to change all our passwords according to three cybersecurity experts
In WorldOfSoftware | It is possible that your favorite Chrome extension is sold to a third party and turns it into malicious: it is increasingly frequent
