Whether you use a Mac or PC, iPhone or Android, you likely have a lot of passwords to deal with. Even if you make all those passwords strong and unique (which many of us don’t), it’s still a vulnerable form of authentication. If a company has a data breach, your password is out there for bad actors to find and use.
Sure, adding two-factor authentication to the mix dramatically improves your security, but between using a password manager and setting up 2FA for all your accounts, it gets complicated fast. Companies in big tech, like Microsoft, see a better way, and a path to eventually kill off passwords for good: passkeys.
What are passkeys?
Passkeys are fundamentally more secure (and convenient) than passwords. Instead of coming up with a series of characters that unlocks access to a device or account, your device becomes the key to unlocking those things, relying on the built-in authentication to prove your identity. It’s like the best of two-factor authentication, except more secure.
Here’s how it works: When you create a passkey on your device, say, your Windows PC, a private cryptographic key is established on that device. A public key that matches your private key is sent to the corresponding company, in this case Microsoft. Now, when you go to log into an account that supports your Windows passkey, Microsoft’s servers receive a request about it. Their systems will reach out to your device to make sure the keys actually match up, via authentication such as fingerprint or face scan, or the PIN or password you use to unlock the device itself. If it’s a match, you gain access to the account or service. If not, tough luck.
That’s what gives passkeys the security advantage here. Without physical access to your device and the authentication method necessary to log you in, bad actors can’t break into your various accounts. There’s no password for companies to accidentally leak to the world, nor are there 2FA codes for bad actors to trick you into handing over. As long as you don’t publicize the PIN to your phone or PC, and you keep a hold on those devices, your accounts are secure.
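The exchange described above, as an added Node.js sketch that is not code from Microsoft or from the original article: the server stores only a public key, sends a fresh random challenge at each login, and accepts only a signature made by the matching private key on the unlocked device. The names `RelyingParty`, `signChallenge` and `demo`, the `login.example` origin, and the message layout (challenge followed by site origin) are assumptions for illustration and simplify the real WebAuthn format.

```javascript
// Added illustration: simplified passkey-style login, not the real WebAuthn wire format.
const nodeCrypto = require('node:crypto');

// Device: create the key pair (NIST P-256); the private key stays on the device.
const createPasskey = () => nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });

// Assumed message layout: random challenge followed by the site origin.
const signedData = (challenge, origin) => Buffer.concat([challenge, Buffer.from(origin, 'utf8')]);

// Device: sign only after the local unlock (face, fingerprint or PIN) succeeded.
function signChallenge(passkey, challenge, origin, unlocked) {
  if (!unlocked) throw new Error('device unlock required');
  return nodeCrypto.sign('sha256', signedData(challenge, origin), passkey.privateKey);
}

// Server: stores public keys only, so a breach of this map leaks no login secret.
class RelyingParty {
  constructor(origin) { this.origin = origin; this.keys = new Map(); this.pending = new Map(); }
  register(user, publicKey) { this.keys.set(user, publicKey); }
  startLogin(user) {
    const challenge = nodeCrypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  finishLogin(user, signature) {
    const challenge = this.pending.get(user);
    this.pending.delete(user); // each challenge is single-use
    const key = this.keys.get(user);
    if (!challenge || !key) return false;
    // Verify against the server's own origin, not one supplied by the client.
    return nodeCrypto.verify('sha256', signedData(challenge, this.origin), key, signature);
  }
}

function demo() {
  const site = 'https://login.example'; // constructed origin
  const rp = new RelyingParty(site);
  const passkey = createPasskey();
  rp.register('alice', passkey.publicKey);
  const sig = signChallenge(passkey, rp.startLogin('alice'), site, true);
  const ok = rp.finishLogin('alice', sig);
  rp.startLogin('alice'); // fresh challenge, so the captured signature no longer fits
  const replay = rp.finishLogin('alice', sig);
  const tryLogin = (key, origin) =>
    rp.finishLogin('alice', signChallenge(key, rp.startLogin('alice'), origin, true));
  const phished = tryLogin(passkey, 'https://login.example.phish.test'); // signed for a look-alike site
  const wrongKey = tryLogin(createPasskey(), site); // a different device's key
  return { ok, replay, phished, wrongKey };
}
```

`demo()` returns `ok: true` for the genuine login and `false` for the replayed signature, the signature produced for a look-alike origin, and the signature from a different device's key.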
Windows 11 is going all-in on passkeys
Microsoft has been gung-ho about passkeys for a while now, so it’s not a surprise to see more support rolling out in the company’s big upcoming Windows 11 update. Microsoft says once you create a passkey with Windows Hello, you’ll be able to access websites and apps that support Windows passkeys with just your face, fingerprint, or PC PIN.
But in bigger news, this Windows 11 update is adding a passkey manager to the mix: You’ll be able to open Settings > Accounts > Passkeys to manage all the passkeys you have attached to your PC. In addition, you can save passkeys on your phone, and sign in using your phone’s authentication methods. That means if you’re away from your PC and need to sign into GitHub, you can scan your face on your phone to grant entry.
This support is expanding to businesses, as well. IT teams will be able to skip mandatory passwords on devices, and prompt users to use a more secure login option like passkeys.