Microsoft Adds a Passkey Manager to Windows 11

Whether you use a Mac or a PC, an iPhone or an Android, you’ll likely have to deal with a lot of passwords. Even if you make all of these passwords strong and unique (which many of us don’t), a password is still a vulnerable form of authentication. If a company that holds your account has a data breach, attackers will be able to find and use your password.

Of course, adding two-factor authentication greatly improves your security, but between using a password manager and setting up 2FA for all your accounts, things quickly get complicated. Big tech companies like Microsoft see a better way, and a path to eventually eliminating passwords for good: passkeys.

What are passkeys?

Passkeys are fundamentally more secure (and convenient) than passwords. Instead of having to come up with a series of characters that unlock access to a device or account, your device becomes the key to unlocking those things, relying on built-in authentication to confirm your identity. It’s like better two-factor authentication, only more secure.

Here’s how it works: When you create a passkey on your device, say a Windows PC, a private cryptographic key is installed on that device. The public key corresponding to your private key is sent to the appropriate company, in this case Microsoft. Now, when you sign in to an account that supports your Windows passkey, Microsoft’s servers are notified. Their systems contact your device to verify that the keys actually match, and you confirm the sign-in through authentication such as a fingerprint or facial scan, or the PIN or password you use to unlock the device itself. If the keys match, you gain access to the account or service. If not, then you’re out of luck.

This is what gives passkeys their security advantage. Without physical access to your device and the authentication method required to log in, attackers will be unable to break into your various accounts. Companies hold no password that could accidentally be revealed to the world, and there are no 2FA codes for attackers to trick you into handing over. As long as you don’t reveal the PIN on your phone or computer and maintain access to those devices, your accounts are safe.
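The sign-in flow and the security properties described in the two paragraphs above can be modelled in a few lines; this is an added example, not code from Microsoft or from the original article. It is a simplified model rather than the real WebAuthn message format: the function names and the `login.example.test` origins are hypothetical, and the origin binding it shows is how WebAuthn passkeys behave in practice, which goes a little beyond what the article spells out.

```javascript
// Added illustration: simplified passkey-style challenge-response (not real WebAuthn encoding).
const crypto = require('node:crypto');

// Registration: the device creates a key pair; only the public key leaves the device.
function registerPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey }, serverRecord: { publicKey } };
}

// Server side: a fresh random challenge for every sign-in attempt.
function newChallenge() {
  return crypto.randomBytes(32);
}

// Device side: signs only after local user verification (fingerprint, face or PIN).
// The signature covers the challenge and the origin the device actually sees.
function deviceSign(device, challenge, origin, userVerified) {
  if (!userVerified) throw new Error('local user verification failed');
  const data = Buffer.concat([challenge, Buffer.from(origin, 'utf8')]);
  return crypto.sign('sha256', data, device.privateKey);
}

// Server side: check the signature against the stored public key,
// the challenge it issued for this attempt, and its own origin.
function serverVerify(serverRecord, challenge, expectedOrigin, signature) {
  const data = Buffer.concat([challenge, Buffer.from(expectedOrigin, 'utf8')]);
  return crypto.verify('sha256', data, serverRecord.publicKey, signature);
}

// Constructed walk-through: a genuine sign-in, a replayed signature,
// and a signature produced for a lookalike origin.
function demo() {
  const ORIGIN = 'https://login.example.test'; // hypothetical relying party
  const { device, serverRecord } = registerPasskey();
  const challenge = newChallenge();
  const sig = deviceSign(device, challenge, ORIGIN, true);
  const phished = deviceSign(device, challenge, 'https://login.examp1e.test', true);
  return {
    genuine: serverVerify(serverRecord, challenge, ORIGIN, sig),
    replayed: serverVerify(serverRecord, newChallenge(), ORIGIN, sig),
    lookalike: serverVerify(serverRecord, challenge, ORIGIN, phished),
  };
}
console.log(demo());
```

The server record contains only the public key, so a breach of that record exposes nothing that can be used to sign in.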

Windows 11 relies on passkeys

Microsoft has been enthusiastic about passkeys for some time now, so it’s no surprise that the company’s upcoming big update to Windows 11 will include more support for them. Microsoft says that once you create a passkey using Windows Hello, you’ll be able to access websites and apps that support Windows passkeys using just your face, fingerprint, or computer PIN.

But more importantly, this Windows 11 update adds a passkey manager: you can go to Settings > Accounts > Passkeys to manage all the passkeys you’ve attached to your PC. Additionally, you can store passkeys on your phone and log in using your phone’s authentication methods. This means that if you’re away from your computer and need to log into GitHub, you can scan your face on your phone to allow the login.

This support extends to businesses as well. IT teams will be able to do away with required passwords on devices and prompt users to use a more secure login option, such as passkeys.
