Microsoft has recently confirmed that they will gradually put out an update that aims to use third-party providers to replace passwords with passkeys. If you aren’t sure what exactly that entails, you aren’t alone. Here’s what this change will mean for you and your passwords.
Microsoft’s Intent to Gradually Replace Passwords
On November 22nd, a post to the official Windows Insider blog confirmed that Microsoft intends to ultimately move towards authentication that doesn’t rely on passwords, and they want to begin the move sooner rather than later. The long and short of it is that Microsoft wants passkeys to be the future of security for Windows 11 users, and it will have an impact on you eventually.
That said, it’s not like every password you use is going to disappear with a singular Windows update. This is a gradual process, as completely moving beyond passwords, which hundreds of millions of people rely on for security, is going to take time.
In fact, even though Microsoft wants to ultimately move beyond passwords, they know it will take long enough that they still have to improve password security too in the meantime.
Still, things are changing, so let’s talk about how this gradual update is going to work and how it will affect us Windows 11 users.
The Current Passkey Update Plan is Optional
Windows users have had access to native passkey support before now thanks to the Windows Hello feature, but these upcoming changes using third-party passkey support will make passkeys a practical option for a lot more users. Currently, the plan is for Microsoft to introduce updates to WebAuthn APIs, which will support a plugin authentication model for passkeys.
As this update rolls out, this will allow Windows users to choose third-party providers of passkey authentication alongside the native Windows support. The goal is to create a seamless passkey authentication experience, which you’ll already be used to if you’ve been using Windows Hello prior to now. That said, this is not currently planned as a forced update that every Windows 11 user has to accept.
Make no mistake, passkeys might be the future of security, but since passwords are so widespread right now, Microsoft isn’t going to force a big change on you all at once. You don’t have to switch from passwords to passkeys even if the option is available to you thanks to the upcoming update. That said, you may want to consider it, since passkeys are more secure than passwords.
Switching to Passkeys Over Passwords is a Good Idea
To understand why passkeys are more secure than passwords, we’ll have to discuss the differences between them. A password, as you know, is a string of letters, numbers and symbols which, when used alongside a username or login email, lets you log into your account on some service.
The problem with passwords is that they can be guessed or determined by threat actors, using a variety of methods, like brute force, keylogging, password spraying, and more. If they can figure out your password, they can gain access to any information that password is protecting. On top of that, remembering passwords across various platforms and websites is often a pain. These are issues that passkeys don’t have.
Explaining passkeys is a little complicated, but it goes something like this: a passkey is a pair of cryptographic keys, a private key and a public key, which, when combined, unlock your account without ever having to input a username or a password. Websites and apps will store a unique public key, while the device you are using keeps your private key. After you verify your identity on your personal device, the two keys will combine and give you a unique passkey.
Usually, whichever device or software is generating a passkey will verify your identity using a biometric authentication tool, such as TouchID or FaceID. Passkeys are unique to each app and website you use them with, and all of this combined results in a couple of security advantages compared to traditional passwords.
For one, passkeys aren’t stored on servers; they reside on your personal device. This means your passkey can’t get leaked in a data breach like passwords can. Two, even if a passkey is somehow compromised, it doesn’t open up all of your accounts to attack. If you are the type of person to use similar passwords across accounts for different services, one compromised password places everything at risk. Passkeys don’t have that problem.
Finally, passkeys are immune to common password threats, like brute force attacks or phishing. Now, none of this is to say that passkeys are invulnerable and that using them guarantees safety from hackers. You still have to worry about things like cookie hijacking, which can get around them. Even so, passkeys have many advantages over passwords, and will increase your online safety overall.
What if You Want to Keep Using Passwords?
Passkeys are great, but what if you just really want to stick with what you know? We all have certain comfort zones, certain areas where we just don’t want to learn something new over what we’re used to. Well, you may have no choice but to use passkeys in the future, but for now, you can keep using passwords if you want to. You just might want to consider taking a few extra steps to make them more secure.
I could tell you straightforward things like “use very complex passwords” and “don’t use similar passwords ever,” but you probably already know about those tips. And let’s be honest, even though we all know those things, the problem with executing them usually relates to managing them. With how many passwords you need these days, it’s way too hard to remember dozens of complex and varied passwords.
This is where a password manager comes in. Bitwarden, 1Password, LastPass, whatever it is you prefer, a password manager will make the creation and management of strong, complex passwords much easier. With a password manager, you only have to remember one strong master password, which will give you access to the password manager and all of those other complex passwords it has written down.
Most password managers also have a built-in random password generator, so you can rest assured that you are actually creating strong passwords for any new accounts. Admittedly, passkeys are still better, but if you want to stick with passwords for the foreseeable future, a password manager is the way to go.
In the end, this gradual update from Windows isn’t something you need to worry about if you’re scared of being forced to change to passkeys. In the long run, switching to passkeys is a good idea, but you can keep using passwords to keep your stuff fairly secure, assuming you take the necessary steps.