Featured Image Credit: NurPhoto / Contributor / Getty
We're living in a hacker's world, we just don't know it. As cybersecurity experts continue to warn us about the dangers of hackers and security breaches, it seems our Fort Knox of data might not be as secure as we'd like it to be.
Cybersecurity concerns are more prevalent than ever in 2025, as major companies are dealing with issues on a regular basis.
If it's not hackers getting into the personal accounts of customers, it's whole companies having their information spread across the internet.
Hoping to tackle things head-on, Microsoft is trying to make a move into passwordless sign-ins by bamboozling bad actors.
Advert
Announced as part of its "passwordless by default" initiative, Microsoft explained how it will now ask new users to create accounts only using the likes of passkeys, push notifications, and security keys.
It has offered passwordless logins on Windows for years, with users also able to delete passwords to opt for other sign-in methods.
Still, going passworldess by default is a major move.
In the announcement post, Microsoft says how it's leaving 'World Password Day' (yes, it's a thing) behind and will be celebrating the first 'World Passkey Day'.
The Passkey Pledge is working toward encouraging people to increase the implementation and adoption of passkeys over the next year.
As the tech giant reiterates: "For Microsoft, taking the pledge continues our commitment to a future where every sign in is simple and secure."
This is part of a coordination of the FIDO Alliance, with Apple, Google, and others joining Microsoft on its passwordless quest.
There's the caveat that before you can go passwordless, you'll need the Microsoft Authenticator app on your phone, which is a hassle in itself.
As Authy, Google Authenticator, and other authenticator apps are incompatible, Microsoft has faced complaints that it's become unnecessarily difficult to go passwordless.
You don't need Microsoft Authenticator to use a passkey, but unless it's installed, you won't be able to ditch passwords in the first place. It's something of a chicken-and-egg scenario that's already causing headaches. People shared their concerns over on Reddit, with one angry user writing: "What happens if I lose my device for some reason? Breakdown, theft, lost…..That’s my concern."
Seeing a potential problem, another asked what would happen if Authenticator faces an outage, adding: "Whereas other companies allowed any Authenticator and people were able to just go download another one, restricting it to one puts all your eggs in one basket."
A third concluded: "Average users don't realise what is happening. Passkeys are a pain in the ass. Getting saved to different locations randomly, especially when users just click NEXT without reading...Samsung Pass, Password Managers, Chrome, Firefox, etc. Everything is potentially saving passkeys. It's a solution that causes more problems for me."
While it's true that the FIDO Alliance's WebAuthn standard should be immune to credential phishing, password leaks, and password spraying, many think it's an overcomplicated system that has us jumping through hoops in an already confusing tech landscape.
