Microsoft Plans Password Deletion for 1 Billion Users

Microsoft has revealed intentions to erase passwords for one billion users. “The password era is ending,” it states. It cautions those individuals that “bad actors know it, which is why they’re desperately accelerating password-related attacks while they still can.” 

Microsoft also has revealed that in the quest for the password deletion exercise, it is now stopping an amazing 7,000 password attacks each second, nearly doubling the rate from a year ago.

This increase in cyber dangers highlights the critical need for stronger authentication techniques, with passkeys emerging as a possible solution.

The tech company also revealed a 146% year-over-year spike in adversary-in-the-middle phishing assaults, illustrating attackers’ growing sophistication. All of this is bad news. However, there is good news to come: “we’ve never had a better solution to these pervasive attacks: passkeys.”

These troubling data are part of Microsoft’s broader efforts to shift away from traditional passwords and toward more secure authentication mechanisms.

In a blog post put out on Thursday, Microsoft explains how it hopes to “convince a billion users to love passkeys” through clever design. “Passkeys not only improve the user experience by allowing you to sign in more quickly with your face, a person’s or PIN, but they are also less vulnerable to assaults than passwords. Additionally, passkeys remove forgotten passwords and one-time codes.” Passkeys, unlike passwords, employ biometric data or PINs to unlock a private key saved on the user’s device, making them substantially more secure against phishing and other conventional attack vectors.

Passkeys, a cutting-edge alternative to passwords, are gaining popularity as a potential game changer in the fight against cybercrime.

The adoption of passkeys, this year, has increased significantly. “In the two years since passkeys were disclosed and made accessible for consumer usage, the FIDO Alliance said a few weeks ago, “passkey knowledge has climbed by 50%, from 39% familiar in 2022 to 57% in 2024.”

And, like Microsoft, it believes that ease of use is as vital as increased security. “The majority of those familiar with passkeys enable the technology to sign in…” Meanwhile, despite passwords maintaining the most prevalent method of account sign-in, overall usage has decreased as alternatives become more widely available.

Microsoft’s latest activities demonstrate its dedication to passkeys. In May 2024, Microsoft announced passkey support for major services such as Xbox, Microsoft 365, and Microsoft Copilot.

The results have been positive, with passkey sign-ins being three times faster than regular passwords and eight times faster than passwords combined with multi-factor authentication (MFA).

User uptake has also been positive. According to Microsoft’s post, users are three times more effective in signing in with passkeys than passwords, with a 98% success rate vs 32% for passwords. The article is all about accelerating that adoption curve, because as always, the last 30-40% of customers will be the most difficult to persuade. “Somehow, we had to persuade enormous and diverse people to permanently change a familiar behaviour—and be enthusiastic about it. We asked ourselves, “How will we persuade more than a billion people to love passkeys as much as we do?”

Furthermore, 99% of users who started the passkey registration procedure finish it, suggesting widespread user acceptability.

To increase acceptance, Microsoft has taken a proactive approach, encouraging users to enrol in passkeys at critical periods such as account setup or password resets.

This method has produced amazing results, with a 987% rise in passkey use since the installation of a new sign-in design.

Looking ahead, Microsoft expects hundreds of millions of new users to create and utilize passkeys in the coming months.

The company’s ultimate goal is to completely eliminate passwords and transition to accounts that only accept phishing-resistant credentials.

As the digital landscape evolves, the change to passkeys is a crucial step toward improving cybersecurity.

With major IT companies like Microsoft leading the way, the era of traditional passwords may be coming to an end, ushering in a new age of more secure and user-friendly authentication mechanisms.

“With the possibility of evenly convincing our more than one billion users to enrol and use passkeys,” Microsoft argues, “if a user has both a passkey and a password, and both permit access to an account, the account is still vulnerable to phishing. Our ultimate goal is to fully eliminate passwords and have accounts that only accept phishing-resistant credentials. The company offered password erasure in 2022 and now claims that “millions of users have deleted their passwords.”

It’s actually that simple. You should utilize passkeys wherever they are available. This connects secure access to an account, app, or service to the physical hardware you’re using, which is safeguarded by biometric access and a PIN code that is never shared or stored off device. It’s even more secure than 2FA, which is mostly SMS-based and can be intercepted by a rogue program on the smartphone.