Passwords are vanishing—and Microsoft is leading the charge. With its latest update to the WebAuthn API in Windows 11, Microsoft introduces support for third-party passkey plugins, allowing users to authenticate through services like 1Password and Bitwarden.
The WebAuthn API in Windows 11 is primarily used to enable passwordless authentication for applications and websites, leveraging strong, phishing-resistant credentials. It is part of Microsoft’s broader effort to enhance security and user convenience by replacing traditional passwords with modern authentication methods like biometrics and hardware-based security keys.
The support for third-party passkey plugins, now available in Windows 11 Preview Build 22635.4515 for Windows Insiders, represents a step forward in giving users more secure and flexible login options.
“Messages in WebAuthn flows will be forwarded to the plugin, and responses are returned to the WebAuthn client applications,” Microsoft explained. “This enables plugins to create and authenticate with passkeys when requested by the customer.” These changes not only expand user choice but also preserve the seamless experience of Windows Hello.
Why Passkeys Are the Future of Authentication
Traditional passwords are a weak link in cybersecurity. Easily stolen, guessed, or phished, they expose millions of users to data breaches annually. Passkeys solve these problems by using a pair of cryptographic keys:
- A Private Key: Stored securely on the user’s device, it never leaves local storage.
- A Public Key: Stored by the service provider, it verifies the user’s identity during login.
This approach eliminates the risks associated with transmitting sensitive information over networks. By supporting WebAuthn—a W3C standard developed in collaboration with the FIDO Alliance—Microsoft ensures that passkeys are compatible across devices and platforms. Users can now authenticate using biometrics or PINs without ever needing a password.
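The key split described above, as an added example (not code from Microsoft or from this article): a Node.js relying-party check of a WebAuthn-style assertion, in which only a signature over the server's challenge crosses the network. The authenticator stand-in, the `example.com` values and all function names are assumptions constructed for illustration.

```javascript
const crypto = require('node:crypto');
const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest();

// Constructed authenticator stand-in: the private key never leaves this closure;
// only publicKey is handed to the service at registration.
function makeAuthenticator() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const sign = (rpId, origin, challenge) => {
    // clientDataJSON is built by the client and records the origin it actually saw.
    const clientDataJSON = Buffer.from(JSON.stringify(
      { type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
    // authenticatorData = SHA-256(rpId) || flags (0x05: user present + verified) || signCount
    const authData = Buffer.concat([sha256(rpId), Buffer.from([0x05, 0, 0, 0, 1])]);
    const signature = crypto.sign('sha256', Buffer.concat([authData, sha256(clientDataJSON)]), privateKey);
    return { clientDataJSON, authData, signature };
  };
  return { publicKey, sign };
}

// Relying-party check: returns 'ok' or the name of the first failed check.
function verifyAssertion({ clientDataJSON, authData, signature }, expected) {
  const client = JSON.parse(clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'bad-type';
  if (client.challenge !== expected.challenge.toString('base64url')) return 'bad-challenge';
  if (client.origin !== expected.origin) return 'bad-origin';
  if (!authData.subarray(0, 32).equals(sha256(expected.rpId))) return 'bad-rp-id';
  if ((authData[32] & 0x01) === 0) return 'user-not-present';
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return crypto.verify('sha256', signed, expected.publicKey, signature) ? 'ok' : 'bad-signature';
}

function demo() {
  const auth = makeAuthenticator();
  const challenge = crypto.randomBytes(32); // fresh per login, issued by the server
  const expected = { rpId: 'example.com', origin: 'https://example.com', challenge, publicKey: auth.publicKey };
  const good = auth.sign('example.com', 'https://example.com', challenge);
  const otherOrigin = auth.sign('example.com', 'https://login.example.net', challenge);
  const tampered = { ...good, authData: Buffer.from(good.authData) };
  tampered.authData[36] ^= 0xff; // alter signCount after signing
  return {
    legit: verifyAssertion(good, expected),
    wrongOrigin: verifyAssertion(otherOrigin, expected),
    replay: verifyAssertion(good, { ...expected, challenge: crypto.randomBytes(32) }),
    tampered: verifyAssertion(tampered, expected),
  };
}
console.log(demo());
```

The origin and challenge checks are what make the credential phishing-resistant and non-replayable: a signature produced for another site or an earlier login fails before the signature is even verified.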
Microsoft revamped its Authenticator app in October 2024, responding to feedback that the earlier passkey setup process was too complex. The update simplified workflows by integrating Bluetooth checks directly into the app and allowing users to complete registration without external dependencies.
With FIDO2 support added to brokered apps on Android, users can log into services like Microsoft Teams using stored passkeys. This functionality exemplifies Microsoft’s push for cross-platform compatibility, ensuring a seamless experience regardless of device.
The Challenge Ahead: Enterprise Adoption
Starting in January 2025, Microsoft will require enterprises using FIDO2 policies without key restrictions to adopt passkeys. While this mandate promises stronger security, it presents logistical challenges for organizations still dependent on traditional authentication methods.
Gary Longsine, CTO at IllumineX, warned that enterprises must fully eliminate passwords to maximize passkey security. “It might be simpler to transition to passkeys than trying to manage exceptions,” he said. Experts recommend conducting comprehensive audits of security policies and preparing employees for the transition.
Microsoft’s actions are part of a broader movement within the tech industry. The FIDO Alliance, which includes Apple, Google, and Samsung, has championed passkey adoption as a universal standard. Apple’s iCloud Keychain and Google’s integration of passkeys into Android and Chrome reflect the growing consensus among tech giants.
By introducing a plugin-based WebAuthn model, Microsoft is fostering an ecosystem that encourages third-party innovation while accelerating passwordless adoption. This move ensures that users have greater choice in how they secure their accounts.
Microsoft’s WebAuthn API updates signal a profound shift in how users authenticate. By enabling third-party plugins and advancing cross-platform compatibility, the company is addressing key barriers to adopting passkeys. As the January 2025 deadline approaches, enterprises and individuals alike must prepare for a world where passwords are obsolete.