Microsoft is pushing users to adopt passkeys as part of its bid to improve cybersecurity, proclaiming that “the password era is ending.”
Microsoft is in the midst of a high-profile attempt to improve cybersecurity across its platforms, following a series of costly and embarrassing security failures. One of its endeavors is convincing users to adopt passkeys instead of passwords. Passkeys do away with the need for passwords by relying on a phone or other physical device to authenticate a user, or by using biometrics, such as a fingerprint or face scan.
Sangeeta Ranjit, Microsoft Group Product Manager, and Scott Bingham, Principal Product Manager, penned a blog post highlighting the company’s progress in convincing users to switch to passkeys. The two executives begin by outlining the cybersecurity challenges the company faces and why passkeys are important.
At Microsoft, we block 7,000 attacks on passwords per second—almost double from a year ago. At the same time, we’ve seen adversary-in-the-middle phishing attacks increase by 146% year over year. Fortunately, we’ve never had a better solution to these pervasive attacks: passkeys.
Passkeys not only offer an improved user experience by letting you sign in faster with your face, fingerprint, or PIN, but they also aren’t susceptible to the same kinds of attacks as passwords. Plus, passkeys eliminate forgotten passwords and one-time codes and reduce support calls.
The executives say the company worked hard to get passkey adoption right: starting small, experimenting to find the right path forward, and then ‘scaling like crazy.’ The pair say the results have been impressive, with passkeys greatly improving the authentication experience for most users.
To make sure we got our passkey experience right, we adopted a simple methodology: Start small, experiment, then scale like crazy. The results have been encouraging:
- Signing in with a passkey is three times faster than using a traditional password and eight times faster than a password and traditional multifactor authentication.
- Users are three times more successful signing in with passkeys than with passwords (98% versus 32%).
- 99% of users who start the passkey registration flow complete it.
The blog post makes clear that Microsoft is intent on pushing users toward passkeys, furthering the demise of traditional passwords.
As we began to understand where and when to invite users to enroll passkeys, we also explored “how.” We ran multiple user studies and tested every pixel in our nudge screen to answer the question, “What would motivate a user to stop what they’re doing and enroll a passkey?”
First, we wanted to understand which value proposition would resonate most. Surprisingly, an easier sign in didn’t resonate with users as strongly as a faster or more secure sign in. Perhaps less surprising was discovering that security and speed resonated almost equally. Approximately 24% of users shown a message emphasizing security clicked through while approximately 27% of users shown messaging about speed clicked through.
If a user sees a nudge and chooses to enroll a passkey, great! But, if they see the nudge and decide that now isn’t the right time, we wanted to frame their decision in a positive way. The button text, “Skip for now,” respects that the user isn’t ready to enroll a passkey yet and lets them continue with what they were doing, but it also sets the expectation that we’re going to ask again. We’re implementing logic that determines how often to show a nudge so as not to overwhelm users, but we don’t let them permanently opt out of passkey invitations. We want users to get comfortable with the idea that passkeys will be the new normal.
The exciting results of our experiments are helping us craft the best experience possible for our users, and we’re continuing to evolve. We encourage you to run your own experiments as well. Your products and users are different from ours and you might discover different outcomes. However, if you’re looking for a good place to start, messaging about speed and security is probably a safe bet. We also encourage you to reference the fantastic research that the FIDO Alliance has done, along with the UX guidelines they’ve published.
Microsoft is clearly intent on transitioning all of its users to passkeys. While some users may be hesitant to make the switch, the company is right that passkeys are far more secure, while also offering some convenience benefits.