To mark "World Password Day", held on the first Thursday of May every year, Microsoft has released a security initiative calling on users and enterprises to accelerate the move from traditional password login to passkey authentication, in order to cope with increasingly complex network security threats and build a strong line of defense for digital identity.
Microsoft pointed out in a security blog post that as new attack methods, such as those using artificial intelligence, continue to evolve, traditional passwords have become a relatively weak link in the network security system and are prone to risks such as credential leakage and phishing attacks. In comparison, passkeys rely on local verification methods such as fingerprints, facial recognition, and device PINs. They are more secure, can effectively resist phishing attacks, and keep information from being stolen by fake login pages. At the same time, they are easier to use and make login faster.

As the main promoter of passkey technology, Microsoft has fully implemented the passwordless transformation in its products and services. Starting this year, Microsoft has enabled passwordless mode by default for newly registered Microsoft accounts, supporting login methods such as passkeys, biometrics, and security keys. Existing users can also manually delete their account passwords to go completely passwordless. Windows 11 further strengthens passkey integration and is compatible with mainstream third-party password managers such as 1Password and Bitwarden; the Edge browser supports synchronizing passkeys stored in Microsoft's password manager to mobile devices such as iOS and Android, opening up cross-platform usage scenarios.
The adoption of passkeys has now become a consensus in the global technology industry. According to the FIDO Alliance, 5 billion passkeys are already in use around the world. Microsoft disclosed that hundreds of millions of users have used passkeys in consumer services such as OneDrive and Xbox. Enterprise and internal systems have also completed passkey coverage, eliminating weak authentication methods. Phishing-resistant authentication covers 99.6% of users and devices. The login process is greatly simplified, with no verification codes and no additional pop-up prompts, improving the user experience.
To further strengthen account security, Microsoft announced that starting from January 2027, Microsoft Entra ID will no longer support password reset through security questions, cutting off at the source attackers' ability to obtain account recovery information through phishing.