A while back, we posted about how a new technology called passkeys was on its way, and we hoped that passkeys would one day eliminate insecure username and password logins for good.
Well, we’re more than two years in (Google started rolling out passkeys in May 2023), and we have to be honest: passkeys haven’t exactly taken over the internet yet.
We’ll get into why, why it’s still a good idea to use them, and how Microsoft is making this easier in 2025.
But first, a reminder of what passkeys actually are.
What Is a Passkey?
A passkey operates behind the scenes to securely authenticate users and devices, proving you are who you say you are through a variety of factors and methods. Rather than relying on a username and password (that can be easily stolen, guessed, or brute-forced), passkeys use advanced cryptography and biometric data (like your face or fingerprint) to establish trust.
Passkeys have two parts: one remains on your device, and the other remains with the service you’re logging into. You can’t give away the “key” in the way people can get tricked into giving up their passwords (like through phishing schemes).
In short: Compared to passwords, passkeys are far easier to use, far harder to hack or crack, and far more effective at establishing trust and authentication.
Passkey Adoption Has Been Muted. Why?
Passkeys are here, but so far adoption has been fairly weak. FIDO Alliance, the group behind passkeys, recently surveyed the public and found that, while 75% of respondents had heard of passkeys, only 23% had implemented them widely.
But if passkeys are so much more secure compared to usernames and passwords, we have to ask the question: why aren’t more people using them?
One potential reason is that people don’t understand how they work. We’ll admit, our explanation above isn’t as clear as “the system recognizes the password you typed in and lets you in.” Passkeys are doing a lot of heavy lifting behind the scenes, and it’s not as obvious to the average user what exactly is going on.
Another big reason why uptake is slower than we’d like: friction. Some systems and platforms make it incredibly easy to set up a passkey. Google has been proactive about it, too, repeatedly nudging users to upgrade their security to a passkey. But other systems, operating systems, and software makers haven’t made it quite as easy or efficient to make the jump.
Take Windows, for example. Microsoft supports passkeys, but not smoothly and not everywhere. Until now, using them in Windows hasn’t felt smooth or effortless. Many rely on third-party apps or sites to make passkeys work.
New from Microsoft: Smoother Passkey Integration
New features are on the way to Windows 11 that will make it much easier to set up, use, and manage passkeys. One big one is a built-in integration with the popular password manager 1Password. Many users already store passwords (and now passkeys) using 1Password, and now those passkeys will sync effortlessly with Windows 11.
Microsoft is also making the building blocks of this integration available to other password managers, so if you use a competitor to 1Password, chances are they will push out a similar update soon.
Another big change on the way: the built-in Microsoft Authenticator app is pushing harder into passkeys. Soon, passkeys will be the default method for logging into your Microsoft accounts, and password management will be phased out of Authenticator completely in the coming years.
If you’re still on the fence about passkeys or aren’t sure how to roll them out the right way for your business, get in touch. We’re passionate about helping business clients improve their digital security, and this includes passkeys. Reach out today!