Microsoft has announced that Microsoft Authenticator will support passkeys natively starting in mid-January 2025, marking a significant advancement in phishing-resistant authentication methods. The implementation builds on Microsoft’s broader push toward passwordless authentication solutions.
Passkeys replace traditional passwords with cryptographic key pairs – a public key stored by the service and a private key secured on the user’s device. When logging in, the device uses biometric data or a PIN to unlock the private key for verification without transmitting sensitive credentials over the internet.
According to Microsoft’s documentation, the latest public preview refresh includes several key enhancements. Administrators can now require attestation during passkey registration, and Android native apps support passkey sign-in through the Authenticator. The registration process has been streamlined with an improved wizard that guides users through prerequisites.
Beginning with version 6.2408.5807, Microsoft Authenticator for Android now complies with Federal Information Processing Standard (FIPS) 140-3 for all Microsoft Entra authentications. This includes phishing-resistant device-bound passkeys, push multi-factor authentication, passwordless phone sign-in, and time-based one-time passcodes.
Lukas Beran, a Microsoft cybersecurity consultant, clarified that once general availability is reached in January, “passkeys will become a fully functional phishing-resistant authentication option equivalent to physical keys.” Organizations preferring not to enable passkey support can implement key restrictions through the passkey (FIDO2) policy.
Dave Taku, head of product management at RSA, noted that the announcement “suggests CISOs who are not ready to support passkeys by mid-January will need to actively manage settings to avoid potential security issues.” Organizations must either prepare their infrastructure for passkey support or implement restrictions to block passkey authentication.
The implementation aligns with industry standards, including the FIDO Alliance’s specifications for secure credential exchange. Microsoft has been gradually expanding its passwordless authentication options, with Windows Hello biometric authentication and FIDO2 security key support already available.
Sources: Microsoft Tech Community, RSA Blog
—
November 6, 2024 – by Cass Kennedy
Related News
FIDO Unveils Agenda for Authenticate 2024 Conference
Visa Brings Passkeys to Online Payments in Major FIDO Victory
Google Makes Passkeys Default Login Option for Personal Accounts- Android 15 Enhances Security with Passkeys and Theft Protection Features
Thales, Badge Team Up to Secure IAM with Shared Devices
ID Tech Digest – September 19, 2024
Follow Us