{“lastseen”:”2026-05-07T18:03:07″,”description”:”World Passkey Day is a chance to reflect on progress toward a shared goal: reducing our reliance on passwords and other phishable authentication methods by accelerating passkey adoption. As cyberattacks become more automated and AI-powered, each account is only as secure as its weakest credential. Real progress requires more than adding stronger sign-in options\u2014it requires removing phishable credentials and strengthening common attack paths like recovery flows. In partnership with the FIDO Alliance, Microsoft is committed to advancing passkey adoption through ongoing standards work, active participation in working groups, and other contributions to a passwordless future.\\n\\nExplore Microsoft Entra identity and access solutions\\n\\nPasswords remain a major source of risk; they\u2019re difficult to manage and easy to steal. Along with weaker forms of multifactor authentication, they\u2019re also highly vulnerable to phishing: AI-powered campaigns drive click-through rates as high as 54%.1 In response, Microsoft is expanding passkey adoption across our ecosystem. We\u2019re reducing reliance on legacy authentication and strengthening account recovery so it won\u2019t become a backdoor for cyberattackers.\\n\\n\\u003e \\”Instead of vulnerable secrets or potentially identifiable personal information, a passkey uses a private key stored safely on the user\u2019s device. It only works on the website or app for which the user created it, and only if that same user unlocks it with their biometrics or PIN. This means passkey users can\u2019t be tricked into signing in to a malicious lookalike website, and a passkey is unusable unless the user is present and consenting. These are some qualities that make passkeys a ‘phishing-resistant’ form of authentication.\\”\\n\\u003e \\n\\u003e From Microsoft Digital Defense Report.\\n\\n## **Passkey adoption continues to grow industry wide**\\n\\nPasskey adoption is accelerating: FIDO Alliance estimates 5 billion passkeys already in use worldwide.2 Across Microsoft\u2019s consumer services, including OneDrive, Xbox, and Copilot, hundreds of millions of users sign in with passkeys every day.\\n\\nThere are many reasons to choose passkeys as the standard authentication method over passwords. Sign-in success rates are significantly higher than with passwords, and exposure to credential-based attacks is significantly lower.3 Organizations and individual users alike prefer the simpler, more secure sign-in experience passkeys offer.4\\n\\nInside Microsoft, we\u2019ve eliminated weaker authentication methods and rolled out phishing-resistant authentication, covering 99.6% of users and devices in our environment.5 It\u2019s made signing in a lot simpler: no codes to enter, no extra prompts to manage, just a straightforward experience for everyone.\\n\\n## Product updates across sign-in and recovery\\n\\nAcross Microsoft, we\u2019ve been steadily building passkey support into every layer of the identity experience from consumer accounts to enterprise access with Microsoft Entra, and from device-based authentication like Windows Hello to Microsoft\u2019s password manager. This work ensures people can create and use passkeys wherever they sign in, with a consistent, phishing-resistant experience across devices, apps, and environments.\\n\\nTo make passkeys more accessible, we\u2019re expanding where and how people can use them:\\n\\n * Synced passkeys and passkey profiles in Microsoft Entra ID make it easier to scale passwordless sign-in across diverse environments. We\u2019re expanding flexibility in cloud passkey management, including support for larger and more complex policies, and transitioning tenants to a unified passkey profile model. \\n * Entra passkeys on Windows make it simple for users to create and use device-bound passkeys directly on personal or unmanaged Windows devices using Windows Hello, and will be generally available in late May 2026.\\n * Passkeys for Microsoft Entra External ID will be generally available late May 2026, so your customer-facing applications can offer a more seamless, consumer-grade sign-in experience.\\n * Passkey-preferred authentication in Microsoft Entra ID (preview) detects registered methods and prompts the strongest one first. If a passkey is registered, that’s what the user sees\u2014immediately. \\n * On the consumer side, with Microsoft Password Manager, users can now save and sync passkeys across devices signed in with their Microsoft account, with support for iOS and Android rolling out soon through Microsoft Edge. \\n\\n\\n\\nAccount recovery also plays a critical role in maintaining the integrity of identity systems. Historically, it\u2019s been vulnerable to cyberattackers who try to hijack the recovery process, for example by impersonating legitimate users and requesting new credentials. \\n\\nMicrosoft Entra ID account recovery, generally available today, strengthens security for recovery flows by enabling users to regain access to their accounts through a robust identity verification process. Users can regain access after losing all authentication methods by using government-issued ID and biometric face checks. At general availability, we are expanding our identity verification ecosystem with two new partners\u20141Kosmos and CLEAR1\u2014joining our existing partners Au10tix, IDEMIA, and TrueCredential. \\n\\n## **Removing phishable credentials from user accounts**\\n\\nStrengthening authentication is important, but reducing risk means eliminating phishable credentials entirely. Microsoft is continuing to phase out legacy methods and move users toward phishing-resistant authentication. Starting in January 2027, security questions will be removed as a password reset option in Microsoft Entra ID due to their susceptibility to guessing and social engineering.\\n\\nThe rationale is straightforward: improving strong methods while removing weak ones shrinks the attack surface. This is increasingly urgent as AI agents act on behalf of users. If an identity is compromised, cyberattackers can leverage those agents to access systems, execute workflows, and operate within existing permissions. Organizations need to address this risk quickly.\\n\\n## **A more secure and usable future**\\n\\nLast year, Microsoft joined dozens of organizations in taking the Passkey Pledge, a commitment to accelerating the adoption of phishing-resistant authentication and to moving beyond passwords. Since then, we\u2019ve seen meaningful progress, from hundreds of millions of better-protected consumer accounts to large-scale deployments across organizations like our own.\\n\\nWhat once felt like a long-term shift is finally gaining real momentum: authentication is becoming simpler, safer, and passwordless.\\n\\nFor a more in-depth perspective on how cyberattackers try to bypass authentication through fallback methods and recovery flows\u2014and how to address those gaps\u2014read our companion post.\\n\\n## **Getting started**\\n\\nOrganizations that want to strengthen their identity security posture can enable passkeys for their users and extend policy protections across both sign-in and recovery scenarios.\\n\\nGet started with a phishing-resistant passwordless authentication deployment in Microsoft Entra ID.\\n\\nIndividuals can create and use passkeys for their personal accounts for better security and convenience. \\n\\nLearn more about Microsoft Entra \\n\\nTo learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.\\n\\n* * *\\n\\n1Microsoft Digital Defense Report 2025.\\n\\n2FIDO Alliance reports mainstream global usage on World Passkey Day. FIDO Alliance, 2026.\\n\\n3Synced passkeys and high assurance account recovery, Microsoft Entra blog. December 16, 2025.\\n\\n4FIDO Alliance Champions Widespread Passkey Adoption and a Passwordless Future on World Passkey Day 2025, FIDO News Center. May 1, 2025.\\n\\n5Microsoft Security and Future Initiative (SFI) Progress Report\u2014November 2025.\\n\\nThe post World Passkey Day: Advancing passwordless authentication appeared first on Microsoft Security Blog.”,”published”:”2026-05-07T16:00:00″,”modified”:”2026-05-07T16:00:00″,”type”:”mssecure”,”title”:”World Passkey Day: Advancing passwordless authentication”,”source”:””,”references”:””,”id”:”MSSECURE:C568AED983EC256C681DD39A01B139D5″,”bulletinFamily”:”blog”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/05\/07\/world-passkey-day-advancing-passwordless-authentication\/”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-05-07T18:03:07″,”description”:”World Passkey Day is a chance to reflect on progress toward a shared goal: reducing our reliance on passwords and other phishable authentication methods by…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,110,13,33,7,11,5],"class_list":["post-52155","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-mssecure","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n