Microsoft Makes A Big Security Change Impacting Over 1 Billion Users

[Hero image: Microsoft passkeys and passwords]
We've reported a number of sophisticated cyberattacks where threat actors circumvent 2FA restrictions. In response to the increased vulnerability of passwords, Microsoft has announced a major change in its authentication requirements that will affect over a billion users. This change will see a significant shift from passwords to passkeys. Microsoft believes that by the end of April, it will have made a passwordless sign-in experience possible for most users worldwide.

In a blog post, Partner Director of Product Management at Microsoft, Robin Goldstein, emphasized that its newly optimized sign-in experience prioritizes “usability and security.” Microsoft users are not entirely new to passkeys, however. What is changing is that the sign-in user experience will now be optimized for passkeys, as shown in the image below.

[Image: Microsoft passkey sign-in]
Image Credit: Microsoft

Microsoft explained how this passwordless sign-in will be carried out. You will start by inputting your email for easy account recovery. Then, a code will be sent to your email account for verification. After signing in, Microsoft will prompt you to input your passkey, which will be used as your default sign-in method thereafter.

[Image: Microsoft sign-in theming with passkey and email]
Image Credit: Microsoft

You'll notice a black theme in the image above. This is Microsoft's response to user requests regarding their interface. Microsoft has unveiled its new light and dark login themes that will be displayed by default according to the user's settings. Although Microsoft's new UX will be rolled out "in waves throughout March and April 2025," Microsoft has noted that "work or school accounts" will be excluded from this rollout for now.

With passkeys, you won't need to remember any complex passwords or have to change passwords from time to time. You only need to scan your fingerprint or use the facial recognition feature. If your hardware does not permit either, Microsoft will allow users to skip the feature and use a password.


Top Image Credit: Microsoft