Microsoft has expanded the availability of its passkey authentication support to more users. So now, consumer with personal Microsoft accounts can also use passkeys to ensure secure logins for their accounts.
Microsoft Rolled Out Passkey Authentication For Different Platforms
As passwordless authentication gets common as a secure login alternative, Microsoft also expands passkey authentication support for its users. Previously available for signing-in to websites and apps, Microsoft users can now also use this passkey authentication method for their personal Microsoft accounts.
According to a recent post from the two Microsoft officials, Vasu Jakkal, Corporate VP of Security, Compliance, Identity, and Management, and ByJoy Chik, President, Identity & Network Access, stated that users can now use their usual passwordless device locks, such as their fingerprint scans, face recognition, and device PINs, as passkeys to protect their accounts.
Regarding how it works, the officials quickly shed light on the technology in their post. Briefly, passkeys work using a pair of cryptographic keys. One of these gets stored on the users’ device, which corresponds to the users’ passkey (biometric scan or PIN), and the other is stored with the respective website or web for which the users set the passkey up.
For every site or app, a unique pair of keys is used. So, while the user may seemingly use only one factor for signing in with passkey authentication, reusing the same a few times for the other apps, it rules out the risks associated with a similar practice of using same passwords.
Moreover, this also prevents the other site or app from knowing your exact passkey method, saving your login from potential breaches.
There Are Risks with Passkey Syncing – Researchers Fear
While Microsoft’s passkey authentication sounds safer and easier, researchers fear that there still lies some privacy risks. That’s because Microsoft introduced passkey syncing with this feature, which means your passkeys will be available across multiple devices.
Microsoft believes this passkey syncing saves users from the hassle of managing/accessing passkeys in case of device(s) upgrades or losses.
However, researchers fear that this may put the passkeys at risk if an adversary successfully accesses the passkeys on any one of the devices.
For now, we leave it to our readers to decide whether they use Microsoft Passkey authentication. Users interested in setting up this login method may find the relevant settings within their Microsoft accounts (follow the steps stated here if you face trouble setting it up.)
Let us know your thoughts in the comments.