Microsoft Projects Wave of Passkey Signups as Password Attacks Double

passwords

Speaking at a recent cybersecurity conference, Microsoft’s Sangeeta Ranjit presented some disturbing statistics.

“In the last year alone, we saw password attacks almost double at Microsoft — over 7,000 per second,” said Ranjt, whose comments were reported Tuesday (Oct. 15) by the website Biometric Update. “This includes a 58% increase in phishing attempts.”

By 2027, the global cost of cybercrime could reach as high as $24 trillion, added Ranjit, product leader for Microsoft’s security division.

One solution to this problem, she told the audience at FIDO’s Authenticate 2024 conference, is the use of passkeys, a biometric alternative to manually selected and stored passwords.

Though Ranjit and colleague Scott Bingham devoted part of their keynote to the challenges of getting users to embrace passkeys, they ultimately concluded that the battle ahead might not be all that difficult.

“We are forecasting that hundreds of millions of users will enroll and use passkeys in the next twelve months,” said Ranjit.

The report notes that one hurdle to complete acceptance is the resiliency of passwords. For passkeys to flourish, Ranjit said, passwords must go away. Microsoft, the report said, will eventually stop permitting new users to create passwords when they create accounts, and will ultimately stop supporting passwords in total.

However, she and Bingham argued that there’s a good chance users are already primed to stop using passwords.

In fact, consumers hate passwords as much as fraudsters love them, PYMNTS wrote in May, making a strong case for passkeys. That report called their use and development “arguably one of the most important security stories of the year,” used by both Mastercard and Visa.

“We’ve all had times when you try to buy something and it doesn’t go through and you have to call your bank and they tell you there’s something suspicious about the transaction,” Mark Nelsen, senior vice president and global head of consumer payments at Visa, told PYMNTS CEO Karen Webster in mid-May.

“With Passkeys, if you do the facial scan immediately upfront, you can do that real quick check. That means all these transactions will go through seamlessly and you no longer have to confirm your identity after the fact.”

More recently, PYMNTS spoke with Adam Lowe, Ph.D., chief product and innovation officer at CompoSecure/Arculus, about the use of hardware-bound passkeys, which require a physical device, and can potentially provide better security than cloud-stored passkeys.

“For banking applications where it is paramount that you can prove your identity and can do so in an easy way, hardware-bound passkeys are extremely important,” Lowe said, adding that breaches over the years have shown how easily cloud-stored information can be compromised.