Adoption and Security of Passkeys in Passwordless Authentication
Summary
Hide ▲
Show ▼
Passkeys, a form of passwordless authentication based on public key cryptography, are gaining traction as a more secure alternative to traditional passwords. They are increasingly adopted by major organizations, including Microsoft and Aflac, due to their enhanced security and user convenience. However, passkeys come with challenges such as device dependency, complex setup, and limited compatibility with legacy systems. Passkeys use a key pair: a public key stored by the service and a private key that stays on the user's device. This method prevents phishing, brute force, and dictionary attacks, as the private key never leaves the device. Even if a database is breached, the public keys are useless without the corresponding private key. Despite their advantages, passkeys face barriers like complexity, costs, and lack of clarity. Organizations may need to run hybrid models during the transition, maintaining strong password hygiene where passkeys are not yet feasible.
Timeline
-
25.09.2025 17:02 1 articles · 4d ago
Microsoft Adopts Passkeys in May 2025
Microsoft made a significant move in May 2025 by going 'passwordless by default' for all new accounts. Users authenticate with passkeys, push notifications, or hardware security keys, with nearly 1 million passkeys registered daily and a 98% login success rate. This shift highlights the growing adoption of passkeys in high-security environments.
Show sources
- How secure are passkeys, really? Here's what you need to know — www.bleepingcomputer.com — 25.09.2025 17:02
Information Snippets
-
Passkeys use public key cryptography to generate a key pair, with the public key stored by the service and the private key remaining on the user's device.
First reported: 25.09.2025 17:021 source, 1 articleShow sources
- How secure are passkeys, really? Here's what you need to know — www.bleepingcomputer.com — 25.09.2025 17:02
-
Passkeys prevent phishing, brute force, and dictionary attacks by ensuring the private key never leaves the device.
First reported: 25.09.2025 17:021 source, 1 articleShow sources
- How secure are passkeys, really? Here's what you need to know — www.bleepingcomputer.com — 25.09.2025 17:02
-
Microsoft adopted passkeys in May 2025, with nearly 1 million passkeys registered daily and a 98% login success rate.
First reported: 25.09.2025 17:021 source, 1 articleShow sources
- How secure are passkeys, really? Here's what you need to know — www.bleepingcomputer.com — 25.09.2025 17:02
-
Aflac's adoption of passkeys led to a 32% drop in password recovery requests and saved their support team from handling around 30,000 identity-related calls every month.
First reported: 25.09.2025 17:021 source, 1 articleShow sources
- How secure are passkeys, really? Here's what you need to know — www.bleepingcomputer.com — 25.09.2025 17:02
-
Passkeys offer stronger security by eliminating common attack vectors like phishing and credential stuffing.
First reported: 25.09.2025 17:021 source, 1 articleShow sources
- How secure are passkeys, really? Here's what you need to know — www.bleepingcomputer.com — 25.09.2025 17:02
-
Passkeys simplify the user experience by allowing quick and easy logins, often using biometrics.
First reported: 25.09.2025 17:021 source, 1 articleShow sources
- How secure are passkeys, really? Here's what you need to know — www.bleepingcomputer.com — 25.09.2025 17:02
-
Passkeys reduce support costs by decreasing password-related issues.
First reported: 25.09.2025 17:021 source, 1 articleShow sources
- How secure are passkeys, really? Here's what you need to know — www.bleepingcomputer.com — 25.09.2025 17:02
-
Passkeys provide a consistent experience across platforms using industry-backed standards.
First reported: 25.09.2025 17:021 source, 1 articleShow sources
- How secure are passkeys, really? Here's what you need to know — www.bleepingcomputer.com — 25.09.2025 17:02
-
Challenges with passkeys include device dependency, complex setup, limited compatibility with legacy systems, and initial costs.
First reported: 25.09.2025 17:021 source, 1 articleShow sources
- How secure are passkeys, really? Here's what you need to know — www.bleepingcomputer.com — 25.09.2025 17:02
-
Organizations may need to run hybrid models during the transition to passkeys, maintaining strong password hygiene where necessary.
First reported: 25.09.2025 17:021 source, 1 articleShow sources
- How secure are passkeys, really? Here's what you need to know — www.bleepingcomputer.com — 25.09.2025 17:02