cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Microsoft moves towards ‘eliminating’ passwords

Windows unveiled a raft of new security measures as part of its recent Windows 11 updates, which included “empowering” users to replace passwords with passkeys to mitigate the risk of credential theft.

user iconReporter
Wed, 27 Sep 2023
Microsoft moves towards ‘eliminating’ passwords
expand image

Released in late September, the new measures will be available for download and will be default features on new installations of Windows 11.

Among the security updates include the Windows-supported transition to a passwordless future, using cross-platform passkey systems to mitigate the risk of phishing attacks and credential theft.

According to Microsoft, “a passkey creates a unique, unguessable cryptographic credential that is securely stored on your device. Instead of using a username and password to access a website or application, Windows 11 users will be able to use and protect passkeys using Windows Hello or Windows Hello for Business, or their phone.”


“This will allow users to access the site or app using their face, fingerprint, or device PIN. Passkeys on Windows 11 will work on multiple browsers, including Microsoft Edge, Google Chrome, Firefox, and others.”

Despite the announcement, not all users will have the option of using a passkey for any application of their choice.

According to Microsoft, the application or website owner will have to develop their own passkey infrastructure before offering the option of a passkey to users in place of passwords.

“Once you create the passkey on your device, the next time you sign in to that website or app from your device, it will recognise that you have its passkey, and you can use it instead of a password,” the Microsoft advisory detailed.

The move was triggered by the growing threat of credential theft.

According to findings from Microsoft, more than 65 trillion security signals are processed on a daily basis, with some 4,000 password attacks every second.

The transition to a passwordless future was just one of Microsoft’s latest security updates.

Among the other updates included enhanced end-point protection with custom app control. As part of this update, only approved apps will be allowed onto devices.

Microsoft explained that this would mitigate the risk of malicious code gaining access to a device through App Control for Business.

Microsoft also announced that it would continue investing in research and development to keep Microsoft users safe.

“In the last year, the team has dedicated 1.9 million virtual machine hours and more than 84,000 Azure CPU cores dedicated to proactively fuzzing code.

“In addition to that, we’ve made nearly 700 improvements in our code just the last few months by strengthening the software development life cycle with security checks and balances, including new automation and AI to help developers find bugs on their own,” it said.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.