• Microsoft vs Passwords

    Home » Forums » Cyber Security Information and Advisories » Code Red – Security/Privacy advisories » Microsoft vs Passwords

    Author
    Topic
    Alex5723
    AskWoody Plus
    March 29, 2025 at 12:10 pm #2758923

    https://www.microsoft.com/en-us/security/blog/2024/12/12/convincing-a-billion-users-to-love-passkeys-ux-design-insights-from-microsoft-to-boost-adoption-and-security/

    There’s no doubt about it: The password era is ending..

    At Microsoft, we block 7,000 attacks on passwords per second—almost double from a year ago. At the same time, we’ve seen adversary-in-the-middle phishing attacks increase by 146% year over year.1 Fortunately, we’ve never had a better solution to these pervasive attacks: passkeys.

    Passkeys not only offer an improved user experience by letting you sign in faster with your face, fingerprint, or PIN, but they also aren’t susceptible to the same kinds of attacks as passwords. Plus, passkeys eliminate forgotten passwords and one-time codes and reduce support calls…

    2 users thanked author for this post.
    F A Kramer, b
    Reply | Quote
    Viewing 9 reply threads
    Author
    Replies
    • Average-Jane
      AskWoody Plus
      March 29, 2025 at 2:44 pm #2758929

      It’s still a big No Thank You from me.

      3 users thanked author for this post.
      SueW, Nibbled To Death By Ducks, Cybertooth
      Reply | Quote
    • Paul T
      AskWoody MVP
      March 29, 2025 at 3:31 pm #2758966

      A December 24 blog post as a security warning / advice in late March 25!?
      Alex, must do better.

      cheers, Paul

      3 users thanked author for this post.
      WSbobby-p, Bob99, Microfix
      Reply | Quote
    • F A Kramer
      AskWoody Plus
      March 29, 2025 at 4:01 pm #2758969

      Please help me understand this better as I have always used passwords (using 11 to 16 “characters”), except for logging onto my computer where I use a PIN. I use a password to access my MS account when necessary. Exactly how does a passkey differ from a password? Am I right that a PIN is stored on my computer only? Thanks to all for your responses.

      Reply | Quote
    • Paul T
      AskWoody MVP
      March 29, 2025 at 4:25 pm #2758973

      A passkey uses a unique public / private key to authenticate you on the host. You store the private key locally and the host keeps the public key.
      When you want to authenticate, the host sends a code calculated via the public key and your machine confirms this via the private key. You don’t need to do anything, except maybe open the private key store.
      As long as nobody else has your private key, you remain secure.

      A PIN is stored locally and unlocks the login. You still need the password for recovery.

      cheers, Paul

      Reply | Quote
    • Alex5723
      AskWoody Plus
      March 30, 2025 at 2:08 am #2759045
      Paul T wrote:

      A December 24 blog post as a security warning / advice in late March 25!?

      Yes. The transition is on.

      * When switching to passkeys don’t keep your password as backup

      passkeys1

      passkeys2

      passkeys3

      Reply | Quote
    • Nibbled To Death By Ducks
      AskWoody Plus
      March 30, 2025 at 3:59 am #2759064

      It may or may not be ending “soon”.

      Yubikey, for one, has had a recent security issue:

      “n September 2024, security researchers from NinjaLab discovered a cryptographic flaw in Infineon chips that would allow a person to clone a Yubikey if an attacker gained physical access to it. The security vulnerability permanently affects all Yubikeys prior to firmware update 5.7. Yubico rated the issue as “moderate” citing the need for an attacker to have physical access to the key, expensive equipment, and advanced cryptographic and technical knowledge.”

      Older issues also may be found at: https://en.wikipedia.org/wiki/YubiKey

      Also, there are closed-source concerns:

      https://en.wikipedia.org/wiki/YubiKey#YubiKey_4_closed-sourcing_concerns

      IMHO, passkeys show much promise, but I’m hanging back for now. When major financial organizations join up as a majority, maybe then will be the time for me.

      (Also, it would be wise to remember that the sun does not rise and set on Microsoft, and they are not infallible. They may WISH you to think so, but this site was created by a man who knew a trick or two worth that, and may the Great Grid bless him for doing that.)

      Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
      --
      "The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

      3 users thanked author for this post.
      SueW, Cybertooth, Average-Jane
      Reply | Quote
    • Alex5723
      AskWoody Plus
      March 30, 2025 at 4:54 am #2759075
      Nibbled To Death By Ducks wrote:

      (Also, it would be wise to remember that the sun does not rise and set on Microsoft,

      Yes, it does when 90% of PC users are running Windows OS and close to that are running Office, and Microsoft can do whatever it wishes with both.

      Reply | Quote
    • Nibbled To Death By Ducks
      AskWoody Plus
      April 1, 2025 at 2:59 am #2759725
      Alex5723 wrote:

      Yes, it does when 90% of PC users are running Windows OS

      Um, more like 71 %: https://gs.statcounter.com/os-market-share/desktop/worldwide/

      …but point taken.

      Interesting to note that Linux has eclipsed Mac in that arena.

      Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
      --
      "The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

      Reply | Quote
    • Nibbled To Death By Ducks
      AskWoody Plus
      April 2, 2025 at 1:49 am #2759951
      b wrote:

      It hasn’t. MacOS (OS X) has 16% and Linux 4% there.

      Quite right. Old eyes, very late at night. Tip O’the hat to thee. 🙂

      Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
      --
      "The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

      1 user thanked author for this post.
      b
      Reply | Quote
    • John
      Guest
      April 14, 2025 at 8:09 am #2763095

      Does creating a passkey PIN require cookies to remain on my PC? I use Firefox and have it setup to delete cookies(and site settings) on exit.

      Reply | Quote
      • b
        AskWoody_MVP
        April 14, 2025 at 9:43 am #2763265

        No. Passkeys and PINs don’t use cookies.

        Reply | Quote
    Viewing 9 reply threads
    Reply To: Microsoft vs Passwords

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    May 2025
    S M T W T F S
     123
    45678910
    11121314151617
    18192021222324
    25262728293031

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.