Facebook and its 3 billion users get passkeys, Microsoft deleting passwords

Facebook is introducing passkeys as the social media platform jumps on the passkeys wagon.

While Facebook might have fallen out of favor with Gen Z in Western countries, the platform remains enormously popular with over three billion users globally accounting for nearly 60 percent of all social media users worldwide.

The move to passkeys and biometrics by Facebook marks a major shift for billions of people — as did Microsoft’s move to the verification method, which it announced in March (more on that below).

“Passkeys are an upgrade in security compared to traditional passwords and one-time SMS codes because they are resistant to guessing or theft by malicious websites or scam links, making them effective against phishing and password spraying attacks,” Facebook says.

Passkeys are a simpler and safer way to verify identity and login to accounts or profiles. It replaces traditional passwords which are all too easily forgotten, hacked or stolen. Passkeys rely on biometrics, such as fingerprint or face biometrics, or PIN to unlock your device.

Facebook says passkeys will be available soon on iOS and Android mobile devices and it will be rolling out passkeys to Messenger in the coming months. Once the passkey is set up for Facebook it will also work on Messenger, the company says.

Facebook users will be able to utilize passkeys when making purchases using Meta Pay, allowing for secure autofill for payment information. Passkey set-up will be managed in the Accounts Center, found within the Settings menu on Facebook. Users may be prompted to set up a passkey when logging in to Facebook.

Passwords will remain an authentication method so users can still access their account when using a device that does not yet support passkeys. Meta – Facebook’s parent company which also owns Instagram and WhatsApp – is an active member of the FIDO Alliance, which developed the technology behind passkeys.

WhatsApp made passkeys an option for all users in May 2024.

Microsoft will start deleting your passwords

Microsoft account users should have shifted to passkeys as the software giant announced it was rolling out a new sign-in experience in March.

The change was accompanied with a new UX and design language, with Microsoft saying the new UX was optimized for a passwordless and passkey-first experience. Now, Microsoft is going to start deleting your passwords.

As of June, users won’t be able to save new passwords in Microsoft’s Authenticator app. From July, autofill with Authenticator will no longer work, and from August saved passwords in Authenticator will no longer be accessible.

For those panicking Microsoft has provided an alternative, adding a “Turn on Edge” button in Authenticator which allows saved passwords, but not generated password history, and addresses synced to the user’s Microsoft account to function in Microsoft Edge. Users then will be able to continue accessing saved passwords, with autofill functionality, in Microsoft’s web browser.

Authenticator will continue to support passkeys with Microsoft advising users to ensure Authenticator remains enabled as their Passkey Provider as “disabling Authenticator will disable your passkeys,” the company states.

Microsoft says bad actors are accelerating password-related attacks and phishing while they still can. Passkeys enable an improved user experience with faster sign-in times but also aren’t susceptible to the kinds of attacks that passwords are, Microsoft said.

Article Topics

biometric authentication  |  biometrics  |  Facebook  |  FIDO2  |  Meta  |  Microsoft  |  passkeys  |  passwordless authentication