Pushing passkeys forward: Microsoft’s latest updates for simpler, safer sign-ins

May 21, 2025

Passwords are the first line of defense against threat actors, and over the years it has become increasingly clear that they are a rather shoddy and failure-prone one. Although well-intentioned, passwords are susceptible to many forms of compromise. The most common problem is password reuse: if a threat actor gets their hands on a password database, they can attempt the same account and password combination across a wide range of services and are likely to score some successes. Even without reuse, passwords can be brute forced: in 2024 alone, threat actors attempted roughly 7,000 password attacks per second, more than double the rate of the previous year. Advances in technology have made brute forcing more feasible, and even if there were a countermeasure for this, social engineering attacks have separated countless individuals from their passwords independent of technology.

It has become clear that the future of authentication has to be something that cannot be guessed through brute force, cannot be stolen by phishing, and provides more convenience to the average user than having to remember a complex alphanumeric sequence. The solution, according to the FIDO (Fast Identity Online) Alliance, of which Microsoft is a member, is passkeys. Passkeys, as provided by Windows Hello, take one of three forms: Face ID, fingerprint, or PIN. The first two are biometric authentication methods, which are much harder to acquire through fraud, though not impossible.

Looking ahead, Microsoft in particular is committed to making not just Windows devices but also Microsoft accounts fully passwordless. Going forward, their plan is to make new accounts passwordless by default, offering multiple authentication options to replace the password. One of these options, a non-biometric alternative, is the simple one-time code delivered through an authenticator app, commonly used as a supplement to passwords. Microsoft fully believes that passkeys are more secure, easier to use, and less susceptible to fraud than passwords. While time will tell exactly how true that is, it is a proven fact that the password system has so many flaws that any change is likely to be an improvement.
