A Preview of Windows 11s Passkeys Support

  /     /     /  
Publicated : 23/11/2024   Category : security


A Preview of Windows 11s Passkeys Support


The latest update to Windows 11 introduces support for passkeys, which provide phishing-resistant passwordless authentication.



Back in May 2022, Microsoft promised support for passwordless authentication using passkeys in the Windows operating system by the end of 2023. Windows 11 version 23H2, which
Microsoft released to its preview channel
on Tuesday, delivers on that promise.
This update to Windows 11, set to become generally available by the end of 2023, introduces the ability to generate passkeys using biometric authentication, a PIN, or third-party password manager instead of passwords. The
FIDO Alliance specification
for creating digital private keys containing unique cryptographic credentials is based on the World Wide Web Consortiums (W3C)
WebAuthn standard
.
Passkeys are the cross-platform future of secure sign-in management,
wrote David Weston
, Microsofts vice president of enterprise and operating system security. A passkey creates a unique, unguessable cryptographic credential that is securely stored on your device.
Experts view passkeys as the most promising form of authentication currently available for eliminating passwords and protecting accounts from attack. Because passkeys are linked to specific devices, such as computers, tablets, and smartphones, users dont have to memorize usernames and passwords for each website or online service. With passkeys, there are no passwords for attackers to steal or multifactor authentication tokens to intercept. Access can only be granted with the unique cryptographic key, which cant be guessed by an attacker. Passkeys can also be synced across devices within the same operating system, which simplifies the sign-in process.
Individuals can generate passkeys using Windows Hello, Windows Hello for Business, or a smartphone. The passkeys are then stored on the device. To log into a website or application, the person would unlock the passkey with biometrics, such as facial recognition or fingerprint scanning, or via a device-based PIN to gain access to the applications and websites. A passkeys management dashboard will be available in the Settings app, under Accounts >> Passkeys.
The FIDO protocols rely on standard public/private key cryptography techniques; when a user registers with a service, a new key pair is generated, Microsoft says. The private key is stored securely on the users device, while the public key is registered with the service. During authentication, the users device proves it has the private key, which can then be used after it has been unlocked by one of the biometrics or PIN-based methods.
Microsoft says passkeys on the new Windows 11 update work with popular browsers, including its own Edge, Google Chrome, and Firefox. This feature will work with other websites and applications that already support the WebAuthn public key authentication standard, including Adobe, Amazon, DocuSign, GitHub, PayPal, Shopify, and Uber. 1Password maintains a
comprehensive directory of services that support passkeys
.
Apple was the first to deliver passkey support in September 2022, with its release of iOS 16 for iPhones and iPads, followed by its Safari browser. Later that year, Google added passkeys to Android and,
more recently
, to Google Accounts.
Apple expanded the capabilities of passkeys in the release of iOS 17 on Sept. 18, 2023, adding support for Apple IDs, which eliminates the need to use a password on any site or app that is enabled for passkeys. Further, Apple has added support for Apple Managed IDs, created for organizations using Apple Business Manager or Apple School Manager.
Managed Apple IDs support iCloud Keychain in macOS Sonoma, iOS 17, and iPad OS 17, said Alex Sokolov, a software engineering manager who made the announcement at Apples Worldwide Developers Conference in June.
With Managed Apple IDs, your users get all the benefits of using passkeys on all their devices with iCloud Keychain, and you get to manage their accounts, he explained. Passkeys stored in iCloud Keychain of Managed Apple IDs cannot be shared.
Microsoft is providing IT and security administrators with a new policy to prevent password usage across the entire Windows experience, including device unlocks and authentication attempts. A policy in
Microsoft Entra ID
(Azure AD)-joined machines eliminates the option to access company resources with just a username and password.
Microsoft will offer a feature, also available in preview mode for Windows Insiders, called Config Refresh, which allows Windows 11 devices to automatically reset every 90 minutes by default; it can be adjusted down to every 30 minutes. It is accessed via the policy configuration service provider (CSP), which covers hundreds of settings that were traditionally set with Group Policy. It does so through Mobile Device Management, like
Microsoft Intune
, and IT administrators can pause Config Refresh as needed, Weston added.
This is a major win for companies looking to automate best security practices, says 1Password chief product officer Steve Won. With tech giants such as Apple, Google, and now Microsoft embracing passwordless authentication, another domino has fallen in the shift toward passkeys becoming the standard.

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
A Preview of Windows 11s Passkeys Support