Microsoft has announced a major milestone in the evolution of digital security: new Microsoft accounts are now passwordless by default. This move, unveiled on May 1, 2025, coincides with the first-ever "World Passkey Day" and is set to impact billions of users worldwide. The change is part of Microsoft’s broader commitment to a safer, phishing-resistant future and comes amid a dramatic rise in password-based cyberattacks.
Key Takeaways
- New Microsoft accounts are now created as "passwordless by default," requiring users to set up a passkey (biometric or device-based authentication) instead of a traditional password.
- Microsoft is collaborating with the FIDO Alliance and industry partners to accelerate the adoption of passkeys as a phishing-resistant, standards-based authentication method.
- Over 99% of Windows device sign-ins with Microsoft accounts already use passwordless methods like Windows Hello (face, fingerprint, or PIN).
- Microsoft reports 7,000 password attacks per second in 2024, more than double the rate from 2023, underscoring the urgent need for secure alternatives.
- The shift aims to protect up to 15 billion accounts across Microsoft’s ecosystem, including Windows, Xbox, Microsoft 365, and more.
Why It Matters: The End of the Password Era
For over a decade, Microsoft has been a leader in the push toward passwordless authentication. The introduction of Windows Hello laid the groundwork for secure, user-friendly sign-ins using biometrics or device PINs. However, as cyber threats have evolved, so too has the need for stronger, phishing-resistant authentication. Passkeys—developed in partnership with the FIDO Alliance—are now positioned as the industry standard for secure sign-ins.
What Are Passkeys?
Passkeys are cryptographic credentials stored on a user’s device, enabling secure, phishing-resistant sign-ins using biometrics (like face or fingerprint) or a device PIN. Unlike passwords, passkeys cannot be reused, guessed, or phished, making them a robust defense against common cyberattacks.
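The phishing resistance described above rests on checks the website (the relying party) runs on every passkey sign-in. The Python below is an added example, not code from Microsoft or the FIDO Alliance: it applies the WebAuthn origin, challenge, relying-party ID and user-verification checks to constructed sample data. The domain names and helper functions are assumptions, and verifying the signature against the stored public key is a separate step not shown here.

```python
import base64, hashlib, json, struct

RP_ID = "login.example.com"           # assumed relying-party ID
ORIGIN = "https://login.example.com"  # assumed expected origin

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_assertion(origin, rp_id, challenge, flags=0x05, count=1):
    """Constructed sample: the two blobs a browser and authenticator return."""
    client_data = json.dumps({"type": "webauthn.get", "origin": origin,
                              "challenge": b64url(challenge)}).encode()
    # authenticatorData = SHA-256(rpId) || flags (1 byte) || signCount (4 bytes)
    auth_data = hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", flags, count)
    return client_data, auth_data

def check_assertion(client_data_json, auth_data, expected_challenge, require_uv=True):
    """Return the names of failed checks; an empty list means all passed."""
    errors = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        errors.append("type")
    if client.get("challenge") != b64url(expected_challenge):
        errors.append("challenge")       # stale or replayed response
    if client.get("origin") != ORIGIN:
        errors.append("origin")          # browser recorded a different site
    if len(auth_data) < 37:
        return errors + ["authenticatorData"]
    rp_id_hash, flags, _count = struct.unpack(">32sBI", auth_data[:37])
    if rp_id_hash != hashlib.sha256(RP_ID.encode()).digest():
        errors.append("rpIdHash")        # credential scoped to another site
    if not flags & 0x01:
        errors.append("user presence")
    if require_uv and not flags & 0x04:
        errors.append("user verification")  # no biometric or PIN check
    return errors

if __name__ == "__main__":
    challenge = b"\x01" * 32  # constructed; a real server uses random bytes
    print(check_assertion(*make_assertion(ORIGIN, RP_ID, challenge), challenge))
    lookalike = make_assertion("https://login.example.net", "login.example.net", challenge)
    print(check_assertion(*lookalike, challenge))
```

Because the browser, not the user, writes the origin into the signed data, a response produced on a look-alike domain fails these checks even if the user was fooled by the page.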
The Scale of the Change
Microsoft’s move is not just symbolic. With an estimated 15 billion user accounts across its platforms, making passkeys the default for new accounts represents one of the largest shifts toward passwordless authentication in history. This change will:
- Reduce the attack surface for credential theft and phishing campaigns
- Simplify the user experience for sign-ups and logins
- Set a new industry benchmark for secure authentication
Adoption and Industry Impact
The transition to passkeys is being mirrored across the tech industry, with major platforms and services joining the FIDO Alliance’s Passkey Pledge. Microsoft’s leadership in this area is expected to accelerate adoption globally, especially as password-based attacks continue to surge.
Practical Guidance for Users
To take advantage of Microsoft’s new passwordless features:
- When creating a new Microsoft account, follow the prompts to set up a passkey using your device’s biometric or PIN options.
- Existing users are strongly encouraged to migrate to passkeys for enhanced security.
- For more information and a list of supported websites, visit the FIDO Alliance Passkey Directory.
Final Thoughts
Microsoft’s move to make passkeys the default for new accounts is a watershed moment in the fight against cybercrime. By eliminating passwords for billions of users, Microsoft is setting a new standard for digital security—one that is likely to be followed by the rest of the industry.