May 02 2024 10:15 AM
By Alex Weinert
We really, really want to eliminate passwords. There’s really nothing anyone can do to make them better. As more users have adopted multifactor authentication (MFA), attackers have increased their use of Adversary-in-the-Middle (AitM) phishing and social engineering attacks, which trick people into revealing their credentials.
How can we defeat these attacks while making safe sign-in even easier? Passkeys!
A passkey is a strong, phishing-resistant authentication method you can use to sign in to any internet resource that supports the W3C WebAuthN standard. Passkeys represent the continuing evolution of the FIDO2 standard, which should be familiar to anyone who’s followed or joined the passwordless movement. We already support signing into Entra ID using a passkey hosted on a hardware security key and today, we’re delighted to announce additional support for passkeys. Specifically, we’re adding support for device-bound passkeys in the Microsoft Authenticator app on iOS and Android for customers with the strictest security requirements.
Before we describe the new capabilities we’re adding to Microsoft Authenticator, let’s review the basics of passkeys.
Passkeys provide high security assurance by applying public-private key cryptography and requiring direct interaction with the user. As I detailed in a previous blog, passkeys benefit from “Verifier Impersonation Resistance":
Together, these characteristics make passkeys almost impossible to phish.
Read the full post here: Public preview: Expanding passkey support in Microsoft Entra ID