We’re just gonna say it: Passwords are terrible.
They aren’t secure. They’re easy to steal, and most people reuse the same passwords no matter how many times we shout that it’s a bad idea 🙂.
That’s why we’ve recommended two-factor authentication (2FA) and multi-factor authentication (MFA) for years. They make your accounts and devices exponentially safer and very hard to compromise. But we know they can be a hassle to use, and they still aren’t bulletproof.
In the past couple of years, we’ve started tentatively recommending a newer solution that’s even more secure and even easier to use: passkeys. We haven’t gone all-in on them yet, but new updates from Microsoft make them more attractive for business use than ever before.
What Are Passkeys Again?
Passkeys are an authentication system that uses the security built into a device you already own — stuff like Face ID and fingerprint recognition — to log you into systems and services, even on other devices you use. There’s a lot of tech under the hood using something called the FIDO2 (or Fast IDentity Online 2) standard, which relies on public key cryptography. Essentially, the system generates both a public and a private key. The private key never leaves your device (or your cloud service — more on that later). The public key is sent over an encrypted connection to the service you’re trying to log into, which stores it with your account. From there, every time you attempt to log in, the service sends your device a fresh one-time challenge; your device signs it with the private key, and the service checks that signature against the public key it has on file before letting you in.
We know it’s a lot — like we said, lots going on under the hood. You can read a detailed explanation from Microsoft if you want to know more, but in a nutshell: passkeys pair a private key on your device with a unique public key on the service you’re logging into. You verify your identity using your device (fingerprint, facial scan, random code generator, etc.), and that’s it. No passwords to steal; nothing that can be intercepted.
Why Passkeys Haven’t Quite Taken Over… Yet
We haven’t exactly gone all-in on passkeys because they aren’t universal yet. Some services and websites have them enabled; others don’t. And because a passkey is tied to the device that holds its private key, things can get tricky if you have to replace that device unexpectedly.
Google and Apple have mostly solved this already: if you use Chrome, Google Password Manager, and Android, Google saves your passkeys within the password manager. Log in with a new device, prove you’re you, and all your passkeys instantly transfer over. It’s even easier if you’re all-in with Apple; all passkeys live in your iCloud keychain and magically show up on every Apple device you log into.
But up until now, Microsoft didn’t offer anything like that. So a passkey stored only on a Windows PC could be lost along with that PC.
New for Microsoft: Passkeys in the Cloud with Edge
Well, Microsoft has joined Apple and Google with a first-party solution that makes passkeys easier and safer to use on PCs.
It’s going to live in Microsoft Edge, similar to how Google enables Chrome to store passkeys.
It sounds a little strange saying that your private key now lives in the cloud — wouldn’t that be less secure? But it’s actually just as secure, and the concept has been proven effective for several years already (thanks to Google and Apple, whose synced passkeys are end-to-end encrypted so that the provider itself can’t read them).
With this change, you’ll be able to securely sign into any Windows 11 PC without remembering or providing a password. As long as you can access your Microsoft Password Manager, you’ll be good to go.
We know passkeys can seem nebulous and a bit murky, but they really are a security best practice for the services that support them. What that means for you: if a service asks whether you want to create a passkey for more secure, more convenient logins, do it. Eliminating password-based security is always a step in the right direction. Need more information? Reach out to us!