Microsoft is joining a number of other tech giants in a leap toward a passwordless world — with some saying the company is going as far as deleting passwords by August.
Already this year, Microsoft announced it has gone “passwordless by default” — which requires users to use passkeys to log in by default. This lets them sign in without ever using a password.
Is Microsoft really eliminating passwords?
ARTICLE CONTINUES BELOW
No, Microsoft won’t be eliminating passwords, says John Hewie, national security officer for Microsoft Canada.
“Microsoft is not deleting passwords,” he said.
ARTICLE CONTINUES BELOW
Rather, the tech company will make changes to how passwords are managed. “We are streamlining the autofill feature so you can use saved passwords easily across devices,” Hewie explained.
Here’s a list of the changes Microsoft users need to know
ARTICLE CONTINUES BELOW
The changes are rolled out in stages with one step for each month, including:
ARTICLE CONTINUES BELOW
In June, users were no longer allowed to add or import new passwords in the Authenticator app.
In July, users will not be able to use autofill with Authenticator.
Starting August, saved passwords will no longer be accessible in the Authenticator app.
Users’ saved passwords will continue to be securely stored and synced to their Microsoft account, and people can continue to access them and enjoy seamless autofill functionality when they use Microsoft Edge, Hewie assured us.
Microsoft Edge is the company’s AI-powered browser that’s optimized for Windows. It includes features like Microsoft Defender SmartScreen, Password Monitor and InPrivate search.
“At the same time, we are encouraging everyone to adopt passkeys, where possible, for a more secure authentication method,” Hewie said.
What is Microsoft’s passwordless by default initiative?
The transition to go passwordless actually started ten years ago when the company introduced Windows Hello, Hewie said.
ARTICLE CONTINUES BELOW
The feature offered users secure sign-in options like facial recognition, fingerprint or PIN to start encouraging users to ditch their passwords that are easily stolen or leaked.
“Building on this foundation, Microsoft is now making ‘passwordless authentication’ the default for all accounts by prioritizing passkeys as a safer, simpler alternative to traditional passwords,” he said.
What are passkeys?
“Microsoft has collaborated closely with the , and with platform partners to develop passkeys — a standards-based, phishing-resistant way to access accounts using facial recognition, fingerprints or a PIN,” Hewie explained.
Passkeys are a safer, simpler and more secure alternative to passwords, and it’s the “most modern type of multi-factor authentication (MFA) (that can) make an account more than 99 per cent less likely to be compromised,” he said.
Passkeys, he explained, are built with a cryptographic key pair behind the scenes that is only unlocked by an individual’s biometric information (fingerprint or face recognition) or device PIN and will only work on the website or app it was created for.
Dave Lewis, global advisory chief information security officer at Canadian identity security
How do passkeys work?
In a previous interview with Metroland Media, Dave Lewis, global advisory chief information security officer for Ontario-based 1Password, said a passkey is like a secret handshake between the user’s device and the website.
When users sign up on a platform, a public key gets saved on the platform’s server, while the other private key stays tucked away safely on the phone or computer.
When the user logs on, the platform basically asks the user to prove their identity. The device then uses the private key to answer the website without ever showing it.
“No typing, no guessing, no sticky notes on your monitor. Just a secure password-free login that hackers can’t phish, guess or steal,” Lewis said.
Are passkeys immune to vulnerabilities?
ARTICLE CONTINUES BELOW
“While passkeys are built to be phishing-resistant and offer greater security than traditional passwords, no authentication method is entirely without risk,” Hewie said.
He still advises users to remain mindful of vulnerabilities such as device theft, malware and social engineering attacks.
“Protecting your devices, using trusted security software, and staying vigilant against phishing attempts remain essential cybersecurity practices,” he said.
Meta, which owns Facebook, Instagram and WhatsApp, is rolling out passkeys for Facebook with
Will passwords become obsolete in one to two years?
While it is difficult to predict any exact time, Hewie says the transition toward passworldess authentication is gaining momentum.
“We are likely to see a significant reduction in the use of passwords within the next few years,” he said.
ARTICLE CONTINUES BELOW
Microsoft and a number of other organizations, including tech giants Apple and PayPal, have taken the Passkey Pledge, a voluntary commitment from online service providers to increase adoption of passkeys and ditch passwords over the coming years. This explains the recent push from big companies like and to encourage or introduce the use of passkeys.
Today's Headlines ߲ݴýletter
Get our free morning newsletter
Error! Sorry, there was an error processing your request.
There was a problem with the recaptcha. Please try again.
You may unsubscribe at any time. By signing up, you agree to our and . This site is protected by reCAPTCHA and the Google and apply.
Today's Headlines ߲ݴýletter
You're signed up! You'll start getting Today's Headlines in your inbox soon.
Want more of the latest from us? Sign up for more at our newsletter page.
Loraine Centeno is a reporter with the Metroland Digital Content
Centre.
Your gift purchase was successful!Your purchase was successful, and you are now logged in. You will also start receiving our free morning newsletter soon.
To join the conversation set a first and last name in your user profile.
Sign in or register for free to join the Conversation