From Passwords to Passkeys: Security Benefits and Implementation Tips
Gil Blumberg
September 19, 2024
Passwords. We all hate them. If only there were a technology that could take away the pain and angst of having to create, remember and store passwords. Importantly, it would still need to protect us from the nasty denizens that lurk all over the Internet. This technology needs to be scalable, user-friendly, and backed by industry stalwarts such as Intel, Amazon and Microsoft… Well, it has already been developed, it’s here, and you’ve probably already seen glimpses of it in Microsoft Entra.
Microsoft has made great strides and invested heavily in improving authentication mechanisms in Entra, with support for FIDO-based security keys available since 2018. In 2021, Microsoft introduced passwordless sign-in using a security key for commercial customers too. That was truly a seminal moment that revolutionized the way we think about passwords and offered a tantalizing glimpse into a future without them. Back then, the effective security that passwords provided was already on a downward trend, due to the increasing length and complexity needed to keep up with attacks and the frustrating experience of password management. Although physical security keys have been around for about 10 years as a form of MFA, they were mainly used by hardcore security enthusiasts.
We’ve recently seen an increase in internet services and applications supporting the WebAuthn standard needed for passkeys, and with it a proliferation of passkey use with services such as banks and online stores. Data available from BuiltWith shows an exponential rise in the use of WebAuthn, which is now available on close to 1.5 million websites, a strong indication that the uptake and use of passkeys has entered the mainstream.