News

Microsoft To Boost Passwordless Authentication in Windows 11

• By Gladys Rama
• 10/15/2024

Microsoft is priming Windows 11 for a more passwordless future.

The company plans to roll out new passkey-focused features to Windows Insider testers in the coming months, it said in a blog post last week.

Passkeys are a passwordless method of authentication based on FIDO2 security specifications. They're considered more immune to phishing attacks than password-based authentication because they don't rely on user credentials that can be easily stolen through malicious Web sites. Instead, passkeys use public-key cryptography, user verification (often done through biometric sensors), and credentials that are tied to the domain that originally created them.

For years now, Microsoft has advocated for passwordless authentication, introducing technologies like Windows Hello for biometric logins and the Microsoft Authenticator app for multifactor authentication. Microsoft is also a longtime collaborator of the FIDO Alliance, a leader in passkey standards.

To improve support for passwordless authentication in Windows 11, Microsoft described three upcoming enhancements in its blog.

Third-Party Passkey Vendor Support
Microsoft will allow Windows 11 to integrate with third-party passkey authentication services, including 1Password and Bitwarden, among others.

"You will be able to use the same passkey on Windows 11 that you've created on your mobile device," explained Microsoft, "and together we can raise the bar on login security with passkeys."

Improved Windows Hello Passkey Experience
Microsoft is also improving Windows Hello's UX for creating, saving and using passkeys.  

With this change, when a user navigates to a Web site that supports passkeys, they will get the option to generate a passkey for that site using their Microsoft account and Windows Hello. This is how Microsoft described the process:

As a user, you can navigate to a website that supports passkeys and get prompted to select how you want to save your passkeys. You will be asked to complete a one-time setup with your Microsoft account, and you will be prompted to save a recovery key that will be used to verify your identity and protect your passkeys through end-to-end encryption. You can then seamlessly authenticate using your preferred sign-in method (facial recognition, fingerprint or PIN), and save your passkey with Windows Hello.

That prompt screen will look like this:

One Passkey for Multiple Windows Devices
Users won't have to create a different passkey for multiple Windows devices; just one passkey can unlock them all. Per Microsoft:

Once you have created a new passkey you can choose to save it with Windows Hello and sync it so that you can also use it on another Windows device! Just login to another Windows 11 device with your Microsoft account, complete a one-time setup, and use your synced passkeys across your Windows 11 PCs. You get a simple, seamless, login experience -- all you need to do is authenticate with Windows Hello.

Passkeys generated in this way are automatically secured using end-to-end encryption and via Windows 11's Trusted Platform Module (TPM), Microsoft indicated.

Microsoft shared more about these announcements during this week's FIDO-sponsored Authenticate conference, taking place in Carlsbad, Calif.