Best Practices, Safety, Security Practices

Microsoft Pushing Passkey and You Can’t Opt Out of Notifications

December 19, 2024 CyberCecurity Leave a comment

Passkeys are a replacement for passwords and, in general, are way more secure. They use encryption to validate who you are in a different way than HTTPS does. With passkeys, you don’t type in a password. Instead the website and your device create a digital handshake that only works from your device and with that website. Different website, different passkey.

One problem with passkeys is synchronization between devices, especially when the devices come from different makes (like and iPhone and Windows PC) and another is what happens if you lose your device or it stops working. To an extent, passkeys are a work in progress.

Also, the website has to understand how to use passkeys, so it won’t work everywhere.

Still, as it matures, it will create a much more secure ecosystem and one that is much harder to compromise. One bit of good news is that it is not an all or nothing thing. You can use a passkey to log into eBay and a password to log into Facebook. For most sites, they are not going to delete your password, but since you don’t have to type it in, there is less chance of it being captured when you use it.

Also, since it is tied directly to a website, phishing attacks don’t work. Passkey is smart enough to realize the address is different and won’t find a matching passkey. If you are using passkeys for a site and all of a sudden it doesn’t work, you are likely getting phished.

Lets say, for example, I use passkeys to log into Facebook. If someone sniffs my Facebook passkey, which is different than my passkey for any other website, they can’t use it.

Apple introduced passkeys in late 2022 and Chrome added support for it in their browser soon after.

Microsoft added support in Windows 11 23H2 and has been working hard to improve the user experience.

The key part about passkeys is if, lets say, Facebook is hacked, they don’t have my password to leak. Also, the passkey to each and every website is unique, making it very secure.

Of course, if your computer is compromised, you still have a problem.

All in all, it is good with caveats. Look for a nudge. Or two. Or three … from Microsoft.

Credit: The Register