World Passkey Day: Advancing passwordless authentication

This World Passkey Day, read how Microsoft is advancing passkey adoption to replace passwords, cut phishing risk, and deliver simpler, more secure sign-ins. The post World Passkey Day: Advancing passwordless authentication appeared first on Microsoft Security Blog .

World Passkey Day is a chance to reflect on progress toward a shared goal: reducing our reliance on passwords and other phishable authentication methods by accelerating passkey adoption. As cyberattacks become more automated and AI-powered, each account is only as secure as its weakest credential. Real progress requires more than adding stronger sign-in options—it requires removing phishable credentials and strengthening common attack paths like recovery flows.

In partnership with the FIDO Alliance, Microsoft is committed to advancing passkey adoption through ongoing standards work, active participation in working groups, and other contributions to a passwordless future. Explore Microsoft Entra identity and access solutions Passwords remain a major source of risk; they’re difficult to manage and easy to steal. Along with weaker forms of multifactor authentication, they’re also highly vulnerable to phishing: AI-powered campaigns drive click-through rates as high as 54%. 1 In response, Microsoft is expanding passkey adoption across our ecosystem.

We’re reducing reliance on legacy authentication and strengthening account recovery so it won’t become a backdoor for cyberattackers. “Instead of vulnerable secrets or potentially identifiable personal information, a passkey uses a private key stored safely on the user’s device. It only works on the website or app for which the user created it, and only if that same user unlocks it with their biometrics or PIN. This means passkey users can’t be tricked into signing in to a malicious lookalike website, and a passkey is unusable unless the user is present and consenting.

These are some qualities that make passkeys a ‘phishing-resistant’ form of authentication. ” From Microsoft Digital Defense Report . Passkey adoption continues to grow industry wide Passkey adoption is accelerating: FIDO Alliance estimates 5 billion passkeys already in use worldwide. 2 Across Microsoft’s consumer services, including OneDrive, Xbox, and Copilot, hundreds of millions of users sign in with passkeys every day. There are many reasons to choose passkeys as the standard authentication method over passwords.

Sign-in success rates are significantly higher than with passwords, and exposure to credential-based attacks is significantly lower. 3 Organizations and individual users alike prefer the simpler, more secure sign-in experience passkeys offer. 4 Inside Microsoft, we’ve eliminated weaker authentication methods and rolled out phishing-resistant authentication, covering 99. 6% of users and devices in our environment. 5 It’s made signing in a lot simpler: no codes to enter, no extra prompts to manage, just a straightforward experience for everyone.