Pushing passkeys forward: Microsoft’s latest updates for simpler, safer sign-ins

May 21, 2025

Passwords are the first line of defense against threat actors, and as the years have passed, it has become increasingly clear that they are a rather shoddy and failure-prone line of defense. Although well-intentioned, passwords are susceptible to many diverse forms of compromise. The most common problem is password reuse: if a threat actor gets their hands on a password database, they can attempt the same account and password combination across a wide range of services and are likely to score some successes. Even without this, passwords can be brute forced: in 2024 alone, threat actors attempted roughly 7000 password attacks per second, more than double the rate of the previous year. Advances in technology have made brute forcing more feasible, and even if there were a countermeasure for this, social engineering attacks have separated countless individuals from their passwords regardless of technology.

It has become clear that the future of authentication has to be something that cannot be guessed through brute force, cannot be stolen by phishing, and provides more convenience to the average user than having to remember a complex alphanumeric sequence. The solution, according to the FIDO (Fast Identity Online) Alliance, of which Microsoft is a member, is passkeys. Passkeys, as provided by Windows Hello, take one of three forms: Face ID, fingerprint, or PIN. The first two are biometric authentication methods, which are much harder to acquire through fraud, though not impossible.

Looking ahead, Microsoft in particular is committed to making not just Windows devices but also Microsoft accounts fully passwordless. Going forward, their plan is to make new accounts passwordless by default, offering multiple authentication options to replace the password. One of these options, a non-biometric alternative, is the simple one-time code delivered through an authenticator app, commonly used as a supplement to passwords. Microsoft fully believes that passkeys are more secure, easier to use, and less susceptible to fraud than passwords. While time will tell exactly how true that is, it is a proven fact that the password system has so many flaws that any change is likely to be an improvement.
