Microsoft is officially going passwordless by default. On the surface, it’s a welcome step toward a safer, simpler future. Passkeys — supported by Apple, Google, and Microsoft under the FIDO Alliance banner — promise to eliminate the phishing risks, credential leaks, and attack vectors that passwords have always invited.
But there’s a catch.
If you want to go truly passwordless with a Microsoft account, you must use the Microsoft Authenticator app. No Authy. No Google Authenticator. No YubiKey-only setup. Without Microsoft’s own app on your phone, your account retains a traditional password, defeating many of the security benefits that passkeys are meant to deliver.
It’s a baffling choice from a company that claims to champion interoperability and open standards. The FIDO2 protocol is designed to support a wide range of authenticators, including hardware tokens and platform biometrics. Microsoft’s decision to wall off the full experience inside its own app undermines the promise of a universal passwordless standard.
Still, the move is a net positive. Making passkeys the default for new accounts and nudging existing users to adopt them is good security hygiene. Passkeys are harder to phish, easier to use, and fundamentally more secure than the shared secrets they replace.
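The phishing resistance mentioned above comes from binding in the protocol rather than from user vigilance: the browser writes the origin it actually loaded into clientDataJSON, and the authenticator hashes the relying-party ID into authenticatorData, so an assertion minted on a lookalike domain is rejected by the real site even if the lookalike relays the genuine challenge. The following Python is an added example written for this post, not code from Microsoft, the FIDO Alliance or the article's author. It assumes a relying party at the constructed domain login.example.com, fabricates the two inputs an authenticator would return (without a real key pair or signature), and runs the server-side checks that make a passkey unusable off its home origin.

```python
import base64
import hashlib
import json
import secrets

# Relying-party (RP) configuration. Both values are assumed for this illustration.
RP_ID = "login.example.com"
RP_ORIGIN = "https://login.example.com"


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_assertion(origin, rp_id, challenge, sign_count, flags=0x05):
    """Construct the two inputs a browser/authenticator pair hands to the RP.
    This mimics their format only; no private key or signature is involved."""
    client_data = json.dumps({
        "type": "webauthn.get",
        "challenge": b64url_encode(challenge),
        "origin": origin,  # filled in by the browser from the page actually visited
    }).encode("utf-8")
    auth_data = (
        hashlib.sha256(rp_id.encode("utf-8")).digest()  # rpIdHash (32 bytes)
        + bytes([flags])                                 # flags: bit0 = UP, bit2 = UV
        + sign_count.to_bytes(4, "big")                  # signature counter
    )
    return client_data, auth_data


def check_assertion(client_data_json, authenticator_data, expected_challenge, stored_sign_count):
    """Server-side checks from the WebAuthn assertion procedure: ceremony type,
    challenge, origin, rpIdHash, user-presence flag and signature counter.
    The signature over authenticatorData || SHA-256(clientDataJSON) is not
    verified here because that needs the credential's stored public key."""
    try:
        cd = json.loads(client_data_json)
    except ValueError:
        return False, "clientDataJSON is not valid JSON"
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if not secrets.compare_digest(b64url_decode(cd.get("challenge", "")), expected_challenge):
        return False, "challenge mismatch (replayed or stale ceremony)"
    if cd.get("origin") != RP_ORIGIN:
        return False, f"origin {cd.get('origin')!r} is not the relying-party origin"
    if len(authenticator_data) < 37:
        return False, "authenticatorData too short"
    rp_id_hash = authenticator_data[:32]
    if not secrets.compare_digest(rp_id_hash, hashlib.sha256(RP_ID.encode("utf-8")).digest()):
        return False, "rpIdHash does not match the RP ID"
    flags = authenticator_data[32]
    if not flags & 0x01:
        return False, "user presence flag not set"
    sign_count = int.from_bytes(authenticator_data[33:37], "big")
    # A counter of 0 on both sides means the authenticator does not implement one.
    if (sign_count or stored_sign_count) and sign_count <= stored_sign_count:
        return False, "signature counter did not increase (possible cloned authenticator)"
    return True, "ok"


def demo():
    """Run the legitimate case and the lookalike-domain case side by side."""
    challenge = b"\x01" * 32  # constructed; a real RP draws this from os.urandom
    results = {}
    cd, ad = build_assertion(RP_ORIGIN, RP_ID, challenge, sign_count=5)
    results["legitimate"] = check_assertion(cd, ad, challenge, stored_sign_count=4)
    # A lookalike site can relay the genuine challenge, but the browser records
    # its own origin and the authenticator hashes its own RP ID, so the
    # assertion is bound to the wrong site and fails at the real RP.
    cd, ad = build_assertion("https://login.example-com.net", "login.example-com.net",
                             challenge, sign_count=5)
    results["lookalike"] = check_assertion(cd, ad, challenge, stored_sign_count=4)
    return results


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:10s} accepted={ok} reason={reason}")
```

The origin and rpIdHash comparisons are what a password-based login has no equivalent of: a password typed into the lookalike page is simply forwarded, whereas the passkey assertion carries the lookalike's identity inside the signed data. The counter check is a separate, weaker signal that catches a copied authenticator rather than a phishing page.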
If Microsoft’s long-term vision is to kill the password, mandating its own app feels like an awkward speed bump on the way to that goal. That’s the price of progress, I guess.
The password is dying. Long live the passkey.
Author’s note: This is not a sponsored post. I am the author of this article and it expresses my own opinions. I am not, nor is my company, receiving compensation for it. This work was created with the assistance of various generative AI models.