Passkeys adoption and security implications
Summary
Hide ▲
Show ▼
Passkeys, a form of passwordless authentication, are gaining traction as a more secure alternative to traditional passwords. They use public key cryptography and are tied to a user's device, making them resistant to common attacks like phishing and credential stuffing. Major companies like Microsoft and Aflac have already adopted passkeys, reporting significant security and operational benefits. However, passkeys also present challenges, including device dependency, complex setup, and limited compatibility with legacy systems. Despite these hurdles, passkeys are expected to become more prevalent, particularly in high-security environments and mobile-first applications. Organizations are encouraged to continue enforcing strong password hygiene during the transitional phase. Passkeys generate a key pair: a public key stored by the service and a private key that remains on the user's device. Authentication occurs through the device signing a challenge with the private key, proving identity without revealing secrets. This method eliminates many vulnerabilities associated with passwords, such as phishing and brute-force attacks. However, the shift to passkeys requires infrastructure changes, user education, and initial investment, which can be barriers for some organizations.
Timeline
-
25.09.2025 17:02 1 articles · 1h ago
Microsoft adopts passkeys in May 2025
Microsoft made a significant move in May 2025 by going "passwordless by default" for all new accounts. Users authenticate with passkeys, push notifications, or hardware security keys. Nearly 1 million passkeys are registered daily, with a 98% login success rate, compared to just 32% for passwords.
Show sources
- How secure are passkeys, really? Here's what you need to know — www.bleepingcomputer.com — 25.09.2025 17:02
Information Snippets
-
Passkeys use public key cryptography and are tied to a user's device, making them resistant to phishing and credential stuffing.
First reported: 25.09.2025 17:021 source, 1 articleShow sources
- How secure are passkeys, really? Here's what you need to know — www.bleepingcomputer.com — 25.09.2025 17:02
-
Microsoft adopted passkeys in May 2025, reporting nearly 1 million passkeys registered daily with a 98% login success rate.
First reported: 25.09.2025 17:021 source, 1 articleShow sources
- How secure are passkeys, really? Here's what you need to know — www.bleepingcomputer.com — 25.09.2025 17:02
-
Aflac, a leading US insurance provider, adopted passkeys, leading to a 32% drop in password recovery requests.
First reported: 25.09.2025 17:021 source, 1 articleShow sources
- How secure are passkeys, really? Here's what you need to know — www.bleepingcomputer.com — 25.09.2025 17:02
-
Passkeys eliminate common attack vectors like phishing and credential stuffing, as the private key never leaves the user's device.
First reported: 25.09.2025 17:021 source, 1 articleShow sources
- How secure are passkeys, really? Here's what you need to know — www.bleepingcomputer.com — 25.09.2025 17:02
-
Passkeys require infrastructure changes, user education, and initial investment, which can be barriers for some organizations.
First reported: 25.09.2025 17:021 source, 1 articleShow sources
- How secure are passkeys, really? Here's what you need to know — www.bleepingcomputer.com — 25.09.2025 17:02
-
Passkeys are expected to become more prevalent in high-security environments and mobile-first applications.
First reported: 25.09.2025 17:021 source, 1 articleShow sources
- How secure are passkeys, really? Here's what you need to know — www.bleepingcomputer.com — 25.09.2025 17:02