Microsoft to Eliminate Passwords for 1 Billion Users, Shifting to MFA or Passkey Sign-ins

Microsoft, with a global user base exceeding 1 billion, is currently formulating a plan to end the era of passwords for Microsoft accounts completely, transitioning entirely to a password-less era supported by Multi-Factor Authentication (MFA) or Passkeys.

Microsoft reports that its security systems intercept over 7,000 password attack attempts every second, nearly double the rate in 2023, with man-in-the-middle phishing attacks increasing by 146%.

Given the lack of better alternatives to comprehensively address widespread password attacks, Microsoft has decided to move fully into a password-less future, where users can only log in via MFA or a Passkey.

A Passkey essentially consists of a set of cryptographic keys. Users do not need to know the content of these keys; instead, the keys are stored locally on devices or in password managers and are accessed through a PIN, facial recognition, fingerprint, or iris recognition.

Since Passkeys typically do not support downloading and exporting, the risk of Passkey exposure is extremely low. Attackers would have to remotely log into a user's system and pass Windows Hello authentication to access the Passkeys stored in Windows 11.

Microsoft emphasizes that usability and enhanced security are equally important. Although most people familiar with passwords have yet to adopt Passkey logins, the overall usage of passwords has declined with the advent of alternatives.

It's noteworthy that many Microsoft accounts currently use a combination of passwords, MFA, and Passkeys, but accounts are still at risk in such cases. Microsoft's ultimate goal is to completely eliminate passwords.

For instance, Landian.news, which currently relies on passwords for Microsoft account verification, uses an account + password + 2FA code system. It has not yet adopted Passkeys due to their inconvenience in some scenarios.

Microsoft is expected to continue improving the usability of Passkeys, which may lead Landian.news and similar users to eventually abandon passwords in favor of Passkeys as their primary login method.