Microsoft Pushes Users Toward Passkeys as Password Attacks Increase

Microsoft is once again urging users to move away from traditional passwords and adopt passkeys, warning that passwords remain one of the weakest parts of modern online security.

The company says cybercriminals continue exploiting stolen credentials through phishing campaigns, credential leaks, and increasingly sophisticated AI-assisted attacks. As a result, Microsoft wants users to shift toward passwordless authentication methods that rely on devices instead of memorized passwords.

Microsoft expands passwordless authentication

Microsoft says new Microsoft accounts are now passwordless by default. Users can sign in using passkeys, biometrics, or physical security keys instead of standard passwords.

Existing users can also remove passwords manually from their accounts and switch entirely to passwordless authentication.

According to Microsoft, the goal is to make sign-ins both safer and easier while reducing the risks tied to password reuse and fake login pages.

Windows 11 gains broader passkey support

Microsoft has also been improving passkey support across Windows 11.

The operating system now supports passkeys stored in third-party password managers such as 1Password and Bitwarden, allowing users to authenticate across apps and websites without relying on traditional passwords.

The company additionally plans broader passkey syncing support across Microsoft Edge, iOS, and Android devices, helping users access credentials more seamlessly between platforms.

Why Microsoft wants users to adopt passkeys

Unlike passwords, passkeys use device-based authentication methods such as fingerprints, facial recognition, or local PIN verification.

Because authentication stays tied to the device itself, passkeys are significantly harder to steal through phishing attacks or fake sign-in pages.

Microsoft says passkeys also remove the need to remember complex passwords, improving both convenience and security at the same time.

Passkeys continue gaining momentum across the industry

The wider technology industry has been aggressively promoting passkeys over the last few years through the FIDO Alliance initiative.

Microsoft says an estimated five billion passkeys are already in use globally.

The company also revealed that “hundreds of millions” of users already rely on passkeys when accessing Microsoft consumer services including OneDrive and Xbox.

Internally, Microsoft claims 99.6% of users and devices now use phishing-resistant authentication methods. According to the company, this shift has made sign-ins simpler, faster, and more secure for employees.

In other news, Microsoft recently added passkey sync support to Edge for Enterprise, while passkey authentication through Entra is also expanding across Windows devices.