Microsoft makes passkeys the default for new accounts, enabling passwordless access for 15 billion users.

A year back, Microsoft began letting people use passkeys for their accounts. Now, they've made a big update. When you create a new account, you'll use a method that's safer from phishing scams instead of traditional passwords.

  Privacy & Data Protection   May 2, 2025  Add to Reading List
Microsoft makes passkeys the default for new accounts, enabling passwordless access for 15 billion users.

A year back, Microsoft began letting people use passkeys for their accounts. Now, they've made a big update. When you create a new account, you'll use a method that's safer from phishing scams instead of traditional passwords.

According to Microsoft's Joy Chik and Vasu Jakkal, "New Microsoft accounts will be password-free from the beginning." This means new users can choose from several options to log in without ever needing a password. Existing users have the choice to remove their passwords through their account settings.

The company has also made it simpler for people to log in and sign up by focusing on methods that don't involve passwords. The sign-in process now automatically chooses the best method for your account and makes it the default.

For instance, if your account can use both a password and something like a "one-time code," you'll be prompted to use the one-time code. After signing in, you'll be advised to set up a passkey for added security.

Microsoft's move, along with efforts from Apple, Google, Amazon, and others, marks an ongoing shift toward getting rid of passwords altogether. Password-based hacks are still a major issue, so using passkeys is a key step toward stronger account protection.

In September 2023, Microsoft introduced passkey support in Windows 11. Around that time, Google also made passkeys the default login method worldwide. Last year, Microsoft updated Windows Hello to include this technology.

Passkeys offer a safer method to log into websites and apps. They are backed by the Fast Identity Online (FIDO) Alliance and use sophisticated cryptography techniques to confirm who you are.

When someone registers with an online service, their device, like a phone or PC, generates a pair of keys. The private key is securely stored on the person's device, while the public key is registered with the online service.

During login, the device uses the private key to solve a challenge after the user confirms their identity with something like face or fingerprint recognition.

In October 2024, the FIDO Alliance said it's collaborating with others to make it easier to transfer passkeys and other credentials between different platforms and improve how they work together. More than 15 billion accounts can now use passkeys instead of passwords.

Recently, the FIDO Alliance launched a Payments Working Group (PWG) to craft solutions for using FIDO in payment situations.

The PWG will "identify and evaluate existing and new solutions to meet payment authentication needs" and set "guidelines for using passkeys and/or other recommended FIDO solutions with current payment technologies."