Forget passwords: Passwords are debuting in Windows 11 and I want more
Passwords are a pain. They are hard to remember, easy to forget, and often insecure. That's why I'm excited about the new feature that Microsoft is entering into Windows 11: access keys.
Passcodes are a form of passwordless authentication that uses your device and biometrics to log in to your online accounts. Instead of typing a password, you just need to scan your face, fingerprint or PIN on your device and you're done. No more password managers, no more phishing, no more password resets.
Passwords are based on the FIDO2 standard, which is supported by many websites and services, including Microsoft, Google, Dropbox, Facebook, and Twitter. You can use passkeys to sign in to any website that supports FIDO2, or use the Microsoft Authenticator app to sign in to other websites that don't support it.
Passwords are not only more convenient, but also more secure than passwords. They use public key cryptography to create a unique key pair for each account and device. The private key is stored securely on your device and the public key is registered on the website. When you log in, your device proves it has the private key without revealing it, and the website verifies that it matches the public key. This way, even if a hacker steals your public key or intercepts your login request, he won't be able to access your account without your device and biometrics.
Passwords are also more privacy-friendly than passwords. They do not require you to share any personal information with the website, such as your email address or phone number. You can create as many passcodes as you want for different accounts and devices, and delete them at any time. You are in control of your online identity.
I think passcodes are a great innovation that will make our online lives easier and more secure. I hope more websites and services adopt the FIDO2 standard and support Passkeys in the future. I also hope that Microsoft expands Passkeys to other platforms and devices, such as Android and iOS phones, tablets, and wearables. Imagine being able to log into any website or app with just a tap on your wrist or a glance at your phone. That's the future I want.
Windows Passcodes are the future of Windows 11 authentication. I've been testing them and I'm impressed. Very impressed.
You may remember that Windows 10 introduced Windows Hello, a biometric way to log in to your PC. With Windows Hello, you can simply look at your laptop's camera and avoid the need to enter a Windows password. It's easy, convenient and secure.
Passcodes are the next step and are being rolled out in the Windows 11 22H2 update, which is now available. (They will also be part of the Windows 11 22H3 or Windows 11 2023 update, which will arrive in the last quarter of the year.) Passwords allow you to use your PC's biometric recognition to log into websites. Basically, you're using Windows Hello for the web.
Right now, there are only a few sites that support passcodes: Best Buy, WhatsApp, GitHub, and 1Password. And the problem is that you must create an access key for each site.
I use two passcodes to access my PC: one for my Microsoft account and one for Google. These access keys are more secure and convenient than passwords because they are unique for each device and do not need to be written down. This is how I set them up.
For my Microsoft account, I went to the Microsoft account site and followed the instructions to create a passkey for Windows. Alternatively, Windows Hello can automatically generate a passkey when I sign in with my face or fingerprint. I have three devices running the Windows 11 22H2 update and I only had to manually create a passkey on one of them.
For my Google account, I visited the Google Password site, logged in, and chose to create a passcode. Google gave me the option to use paired phones as passcodes, but I decided to create a passcode on “this device,” which is my PC. That forced me to click on that option and enter my Google password. (By the way, Chrome also supports passkeys.) Microsoft has some general guidelines on how to create Windows access keys here, but they may differ by site.
I can manage my passwords in the Windows Settings menu (Accounts > Passwords), where I can also delete them if I want. In case I have problems with my passcode, such as changing my appearance or having a dirty fingerprint sensor, I can still use a PIN as a backup option.
