The news: On World Passkey Day (yes, that’s a real thing), Microsoft announced features that double down on a passwordless future.
-
“Passwordless by default.” Any new Microsoft accounts will never need to have a password, and users can delete old passwords from the system.
-
Simplified sign-in. Microsoft will detect the best method for signing in. Rather than provide options, such as password plus a code, it will request that users opt in to a passkey.
Passkey options include PINs, biometric authentication (such as face or fingerprint scans), and hardware security keys.
Key stats: Most people (74%) are aware that passkeys exist, per the FIDO (Fast IDentity Online) Alliance Consumer Password & Passkey Trends report, yet less than half (42.8%) of people in the US have implemented passkeys on at least one account.
Why it matters: Passwords are easily stolen, and people continue to use really weak ones.
- More than 19 billion passwords have been stolen or leaked between April 2024 and April 2025, per Cybernews.
-
727 million passwords use the sequence “1234.” That’s about 4% of all passwords.
- “Only 6% of passwords are unique, leaving other users highly vulnerable to dictionary attacks,” which are brute force attacks based on common words and phrases, said Neringa Macijauskaitė, information security researcher at Cybernews.
A retail solution: Not only do poor password practices leave companies vulnerable to malware and intruders, 48% of people have abandoned their ecommerce shopping carts because they forgot their password, per FIDO. That’s up from 42% in August.
Allowing customers to opt in to passkeys on ecommerce sites could help boost sales and cut down on cart abandonment.
Our take: Microsoft and other Big Tech giants are pushing passkeys as a solution to the inherent vulnerabilities of passwords. Its Microsoft Authenticator app has helped it move forward in that space as it leans into eliminating passwords altogether.
While passkeys can’t protect against all malware and cybersecurity threats, they can help cut the risks from bad passwords.
This content is part of EMARKETER’s subscription Briefings, where we pair daily updates with data and analysis from forecasts and research reports. Our Briefings prepare you to start your day informed, to provide critical insights in an important meeting, and to understand the context of what’s happening in your industry. Non-clients can click here to get a demo of our full platform and coverage.