“Unlocking” the Future: The Power of Passkeys in Online Security

Cloud, Microsoft, Security 3 Minutes

I’ve written about passwordless solutions for some years now, and I’m glad to be able to write about another interesting technology in this area, namely passkeys, especially since Microsoft just announced integrated support for them in Windows 11!

In today’s digital age, the need for robust online security has never been more crucial. With the constant threat of cyberattacks and data breaches, traditional passwords are often seen as a weak link in the chain of online protection. However, there is a game-changer on the horizon – passkeys. In this article, we will delve into the world of passkeys, exploring how they work, their advantages over traditional passwords, and how you can use them on your Windows devices.

The Problem with Passwords

Passwords have been a staple of online security for decades, but they come with their own set of challenges. Users are burdened with the task of creating and remembering complex passwords for multiple websites and applications. This often leads to weak and easily guessable passwords, making it a field day for hackers and cybercriminals. Moreover, the need to reset passwords or recover accounts due to forgotten credentials is a common headache for both users and service providers.

Passkeys to the Rescue

Passkeys represent a leap forward in online security. Unlike passwords, which users must remember and type, passkeys are securely stored as secrets on a device. They can leverage a device’s unlock mechanism, such as biometrics (e.g., fingerprint or facial recognition) or a PIN, to provide secure access to websites and applications. This not only enhances security but also streamlines the authentication process, making it faster and more convenient for users.

How Passkeys Work

Passkeys are built on the foundation of the FIDO (Fast Identity Online) industry security standard, championed by major technology companies like Microsoft. This standard relies on public/private key cryptography to offer robust authentication. Here’s how it works:

  1. Key Pair Generation: When a user registers with an online service, their device generates a unique key pair. The private key is securely stored on the user’s device, while the public key is registered with the service.
  2. Authentication: To authenticate, the user’s device must prove that it possesses the private key by signing a challenge sent by the service. This ensures that only the legitimate device can access the account.
  3. Privacy Focus: FIDO protocols are designed with user privacy in mind. They prevent online services from sharing information or tracking users across different services. Biometric data used in the authentication process remains on the user’s device and is not transmitted over the network.

Advantages of Passkeys

Passkeys offer several advantages over traditional passwords:

  1. Ease of Use: Passkeys are easy to create and eliminate the need to remember complex passwords.
  2. Unique for Each Service: Each passkey is unique to a website or application, preventing reuse and enhancing security.
  3. Resistant to Phishing: Passkeys are difficult for attackers to guess or obtain, making them resistant to phishing attempts.
  4. Cross-Device Authentication: Passkeys can be used on different devices, allowing seamless authentication across platforms.

Windows Support for Passkeys

Windows has embraced passkeys as a secure authentication method. Starting with Windows 11, version 22H2 (with KB5030310), Windows provides a native experience for passkey management. However, passkeys can be used on all supported versions of Windows clients.

How to Create and Use Passkeys on Windows Devices

Creating and using passkeys on Windows devices is a straightforward process:

  1. Create a Passkey:
    • Open a website or app that supports passkeys.
    • Create a passkey from your account settings.
    • Choose where to save the passkey, either locally on your Windows device, on a mobile device, or on a security key.
    • Select a Windows Hello verification method and complete the setup.
  2. Use a Passkey:
    • Open a website or app that supports passkeys.
    • Select “Sign in with a passkey” or a similar option.
    • Use Windows Hello or your chosen verification method to sign in.
  3. Manage Passkeys (Windows 11, version 22H2 and later):
    • Navigate to Settings > Accounts > Passkeys.
    • View and manage your saved passkeys, including deleting them if necessary.

Windows Edition and Licensing Requirements

Passkeys are supported on various Windows editions, including Windows Pro, Windows Enterprise, Windows Pro Education/SE, and Windows Education. The specific licensing requirements vary, so ensure your edition and licensing match the criteria.

Unlocking a Secure Future

Passkeys represent a significant step forward in online security, addressing many of the shortcomings of traditional passwords. With the support of major technology players and growing integration across websites and applications, passkeys are poised to redefine how we authenticate ourselves online. As Windows users, you have the opportunity to embrace this technology and experience the enhanced security and convenience it offers. The future of online authentication is here, and it’s time to unlock its potential with passkeys.

Please follow me here, on LinkedIn and on Twitter!

@DanielChronlund

Published by Daniel Chronlund

Daniel is a Microsoft Security MVP, Microsoft 365 security expert, blogger and consultant at Truesec, based in Sweden.

Published

Leave a comment