News

Microsoft Backs Passkey Standard, Signals Developers to Build Passwordless by Default

• By Chris Paoli
• May 7, 2025

Microsoft marked the inaugural World Passkey Day (formerly World Password Day) by reaffirming its push toward a passwordless future—signing the FIDO Alliance’s Passkey Pledge and joining other major tech players in accelerating adoption of modern, developer-friendly authentication standards. For engineers, it’s a signal that passkeys are moving from optional to inevitable—and it’s time to start building with them in mind.

The pledge reflects a broad industry commitment to replace traditional passwords with passkeys -- secure, phishing-resistant credentials that use biometrics or a device PIN for sign-in. Passkeys are not only safer than passwords but also more user-friendly, according to the company, with Microsoft reporting sign-ins that are eight times faster and nearly three times more successful for those who choose passkeys over passwords.

"Last year, we introduced passkey support for Microsoft accounts for our consumer apps and services like Xbox and Copilot, and now we see nearly a million passkeys registered every day," said Microsoft's Joy Chik, president, Identity and Network Access, and Vasu Jakkal, corporate vice president, in a joint blog post. "Because they're not entering complex characters or one-time codes, users signing in with passkeys are three times more successful at getting into their account than password users (about 98 percent versus 32 percent)."

Microsoft said that nearly all Windows users with Microsoft accounts now sign in using Windows Hello, and new accounts are now created as passwordless by default. As part of a broader effort, the company also unveiled a redesigned sign-in experience that prioritizes passkeys, automatically suggests the most secure sign-in method, and gradually phases out visible password options.

The push builds on a decade-long shift that began with the debut of Windows Hello, which enabled biometric logins and laid the groundwork for future authentication models. That evolution continues in Windows 11, which, as reported last year, offers native support for device-bound passkeys stored locally or in the cloud via Microsoft Edge and Windows Hello.

The timing is critical, Microsoft emphasized, as cyberattacks targeting password-protected accounts continue to escalate, according to the company. Microsoft recorded over 7,000 password attacks per second last year -- more than double the rate seen in 2023.

"Bad actors know that the password age is ending, and that the number of easily compromised accounts is shrinking," said Microsoft. "In response, these bad actors are devoting considerable resources to automating brute force and phishing attacks against any account still protected by a password."

According to the FIDO Alliance, more than 15 billion accounts globally can now be secured with passkeys. Microsoft says more progress is needed and is encouraging users to begin the transition by converting at least one account to passwordless today.