World Passkey Day: Advancing passwordless authentication

World Passkey Day is an opportunity to mirror on progress towards a shared objective: lowering our reliance on passwords and different phishable authentication strategies by accelerating passkey adoption. As cyberattacks develop into extra automated and AI-powered, every account is barely as safe as its weakest credential. Actual progress requires greater than including stronger sign-in choices—it requires eradicating phishable credentials and strengthening widespread assault paths like restoration flows. In partnership with the FIDO Alliance, Microsoft is dedicated to advancing passkey adoption by ongoing requirements work, lively participation in working teams, and different contributions to a passwordless future.

Passwords stay a significant supply of danger; they’re tough to handle and simple to steal. Together with weaker types of multifactor authentication, they’re additionally extremely weak to phishing: AI-powered campaigns drive click-through charges as excessive as 54%.¹ In response, Microsoft is increasing passkey adoption throughout our ecosystem. We’re lowering reliance on legacy authentication and strengthening account restoration so it received’t develop into a backdoor for cyberattackers.

Passkey adoption continues to develop business broad

Passkey adoption is accelerating: FIDO Alliance estimates 5 billion passkeys already in use worldwide.² Throughout Microsoft’s shopper providers, together with OneDrive, Xbox, and Copilot, a whole lot of thousands and thousands of customers check in with passkeys each day.

There are various causes to decide on passkeys as the usual authentication technique over passwords. Signal-in success charges are considerably greater than with passwords, and publicity to credential-based assaults is considerably decrease.³ Organizations and particular person customers alike want the easier, safer sign-in expertise passkeys supply.⁴

Inside Microsoft, we’ve eradicated weaker authentication strategies and rolled out phishing-resistant authentication, protecting 99.6% of customers and gadgets in our surroundings.⁵ It’s made signing in so much easier: no codes to enter, no further prompts to handle, only a easy expertise for everybody.

Product updates throughout sign-in and restoration

Throughout Microsoft, we’ve been steadily constructing passkey help into each layer of the identification expertise from shopper accounts to enterprise entry with Microsoft Entra, and from device-based authentication like Home windows Hi there to Microsoft’s password supervisor. This work ensures folks can create and use passkeys wherever they check in, with a constant, phishing-resistant expertise throughout gadgets, apps, and environments.

To make passkeys extra accessible, we’re increasing the place and the way folks can use them:

• Synced passkeys and passkey profiles in Microsoft Entra ID make it simpler to scale passwordless sign-in throughout various environments. We’re increasing flexibility in cloud passkey administration, together with help for bigger and extra advanced insurance policies, and transitioning tenants to a unified passkey profile mannequin.
• Entra passkeys on Home windows make it easy for customers to create and use device-bound passkeys instantly on private or unmanaged Home windows gadgets utilizing Home windows Hi there, and shall be usually obtainable in late Might 2026.
• Passkeys for Microsoft Entra Exterior ID shall be usually obtainable late Might 2026, so your customer-facing purposes can supply a extra seamless, consumer-grade sign-in expertise.
• Passkey-preferred authentication in Microsoft Entra ID (preview) detects registered strategies and prompts the strongest one first. If a passkey is registered, that’s what the consumer sees—instantly. 
• On the patron aspect, with Microsoft Password Supervisor, customers can now save and sync passkeys throughout gadgets signed in with their Microsoft account, with help for iOS and Android rolling out quickly by Microsoft Edge. 

Account restoration additionally performs a vital function in sustaining the integrity of identification techniques. Traditionally, it’s been weak to cyberattackers who attempt to hijack the restoration course of, for instance by impersonating reliable customers and requesting new credentials.

Microsoft Entra ID account restoration, usually obtainable at present, strengthens safety for restoration flows by enabling customers to regain entry to their accounts by a sturdy identification verification course of. Customers can regain entry after shedding all authentication strategies by utilizing government-issued ID and biometric face checks. At basic availability, we’re increasing our identification verification ecosystem with two new companions—1Kosmos and CLEAR1—becoming a member of our current companions Au10tix, IDEMIA, and TrueCredential. 

Eradicating phishable credentials from consumer accounts

Strengthening authentication is vital, however lowering danger means eliminating phishable credentials completely. Microsoft is constant to part out legacy strategies and transfer customers towards phishing-resistant authentication. Beginning in January 2027, safety questions shall be eliminated as a password reset choice in Microsoft Entra ID on account of their susceptibility to guessing and social engineering.

The rationale is easy: enhancing sturdy strategies whereas eradicating weak ones shrinks the assault floor. That is more and more pressing as AI brokers act on behalf of customers. If an identification is compromised, cyberattackers can leverage these brokers to entry techniques, execute workflows, and function inside current permissions. Organizations want to handle this danger rapidly.

A safer and usable future

Final 12 months, Microsoft joined dozens of organizations in taking the Passkey Pledge, a dedication to accelerating the adoption of phishing-resistant authentication and to transferring past passwords. Since then, we’ve seen significant progress, from a whole lot of thousands and thousands of better-protected shopper accounts to large-scale deployments throughout organizations like our personal.

What as soon as felt like a long-term shift is lastly gaining actual momentum: authentication is turning into easier, safer, and passwordless.

For a extra in-depth perspective on how cyberattackers attempt to bypass authentication by fallback strategies and restoration flows—and tips on how to deal with these gaps—learn our companion publish.

Getting began

Organizations that wish to strengthen their identification safety posture can allow passkeys for his or her customers and lengthen coverage protections throughout each sign-in and restoration eventualities.

Get began with a phishing-resistant passwordless authentication deployment in Microsoft Entra ID.

People can create and use passkeys for his or her private accounts for higher safety and comfort.

To study extra about Microsoft Safety options, go to our web site. Bookmark the Safety weblog to maintain up with our knowledgeable protection on safety issues. Additionally, comply with us on LinkedIn (Microsoft Safety) and X (@MSFTSecurity) for the most recent information and updates on cybersecurity.

¹Microsoft Digital Protection Report 2025.

²FIDO Alliance experiences mainstream international utilization on World Passkey Day. FIDO Alliance, 2026.

³Synced passkeys and excessive assurance account restoration, Microsoft Entra weblog. December 16, 2025.

⁴FIDO Alliance Champions Widespread Passkey Adoption and a Passwordless Future on World Passkey Day 2025, FIDO Information Middle. Might 1, 2025.

⁵Microsoft Safety and Future Initiative (SFI) Progress Report—November 2025.