
The password has had its day: Microsoft relies entirely on passkeys

No more passwords: Microsoft is turning off traditional passwords. Shocked by AI-supported phishing attacks that reach click rates of over 50 percent, Microsoft only wants to allow passkeys and is abolishing security questions.

Not a new development

Microsoft is sounding the alarm: Conventional passwords are no longer sufficient to effectively protect user accounts. On the occasion of World Passkey Day on May 7th, the company formulated a clear message: The future of authentication lies in passkey-based procedures, while classic passwords are increasingly becoming a security risk.

This attitude, or rather insight, is not entirely new. Microsoft argues that passwords remain among the weakest links in online security. Attackers now use AI-supported phishing campaigns that achieve click rates of up to 54 percent. Sophisticated deceptive tactics make traditional passwords easy prey for cybercriminals.

Passkeys are becoming standard

Microsoft has already taken far-reaching steps to advance a passwordless future. Since the beginning of 2026, new Microsoft accounts have been created without a password by default. Instead, users can log in with passkeys, biometric procedures or security keys. Existing users have the option to manually remove their passwords from their accounts. Windows 11 has also significantly expanded its passkey integration. The operating system now natively supports passkeys from third-party managers such as 1Password or Bitwarden.

Advantages are great

Microsoft has developed a special passkey API together with these providers. Passkeys from the Microsoft Password Manager can also be synchronized with iOS and Android via the Edge browser. The advantage is obvious. Passkeys are based on device-specific verification such as fingerprint, facial recognition or PIN. Unlike passwords, they are resistant to phishing attacks and cannot be accessed via fake login pages.

Five billion passkeys in use worldwide

Microsoft is not alone in its push. The entire tech industry, especially members of the FIDO Alliance, is driving passkey adoption. The FIDO Alliance estimates that five billion passkeys are already in use worldwide. According to a recent study, 90 percent of people are now familiar with passkeys and 75 percent have activated at least one. At Microsoft itself, according to the company, “hundreds of millions of users” use passkeys every day for services such as OneDrive, Xbox and Copilot. Internally, the group says it has eliminated weaker authentication methods and rolled out phishing-resistant procedures that cover 99.6 percent of all users and devices in the Microsoft environment.

Security questions will disappear from 2027

Microsoft also wants to ensure that attackers cannot exploit account recovery vulnerabilities. Starting January 2027, security questions can no longer be used to reset passwords in Microsoft Entra ID. In doing so, the company is removing another attack surface that criminals have previously been able to use as a back door.
