Windows 11 and Password Managers Expand Passkey Support
Microsoft has introduced a new Windows API that allows third-party applications, such as 1Password, to manage passkeys directly within Windows 11. This integration enables users to create, sync, and manage passkeys using their preferred password manager, leveraging Windows Hello for authentication. The update aims to simplify the user experience by allowing password managers to take over credential management from Windows, making it easier for users to adopt passkeys for secure authentication across devices and services.
The shift towards passkey authentication is part of a broader industry move to replace traditional passwords with more secure, phishing-resistant credentials. Passkeys utilize cryptographic methods and can be managed by platform, virtual, or roaming authenticators, with password managers increasingly supporting software-only (virtual) authenticators. This approach addresses longstanding security issues associated with passwords, such as susceptibility to phishing and poor user password hygiene, and is expected to become the standard for online authentication as more services adopt passkey support.
Sources
Related Stories
Password Manager Security Risks and Windows 11 Passkey Integration
Password managers have become essential tools for users managing a growing number of online accounts, but they are also increasingly targeted by cybercriminals. Attackers may attempt to compromise master passwords through brute-force attacks, exploit software vulnerabilities, or use phishing techniques such as malicious ads to trick users into revealing their credentials. Security experts highlight the importance of vigilance and adopting best practices to mitigate these risks, as unauthorized access to a password vault can lead to identity fraud or the sale of sensitive credentials on underground markets. In response to evolving authentication needs and security threats, Microsoft has introduced native support for third-party passkey managers in Windows 11, including 1Password and Bitwarden. This integration, enabled by a new passkey API, allows users to manage passkeys—secure authentication credentials based on FIDO2/WebAuthn standards—directly within Windows. Passkeys offer enhanced security by leveraging public-private key cryptography and are resistant to phishing attacks. The update also brings native integration of Microsoft Password Manager, providing users with more flexibility and security options for managing their digital identities.
4 months agoPasswordless Authentication and Passkey Adoption for Fraud Prevention
Microsoft has begun rolling out support for syncing passkeys across Windows devices and its Edge browser, addressing a key barrier to widespread adoption of passwordless authentication. This phased rollout starts with Edge on Windows 10 and 11, with plans to expand to iOS, Android, and MacOS, aiming to make passkey management seamless for users and organizations. The move is expected to accelerate the shift away from traditional passwords, leveraging the FIDO Alliance's non-phishable passkey standard to enhance security and usability across platforms. Industry experts highlight that passwordless authentication is not just a technological upgrade but a critical component in modern fraud prevention strategies. As organizations transition to passkeys and device-based authentication, they face challenges such as cross-device access and user education. Integrating behavioral analytics with passwordless systems is seen as essential for detecting sophisticated fraud attempts, including those involving AI-driven identity spoofing and deepfakes, ensuring both external and internal threats are mitigated effectively.
4 months ago
Microsoft and Bitwarden Expand Windows 11 Enterprise Authentication and Endpoint Onboarding Capabilities
*Bitwarden* announced support for **passkey-based login on Windows 11**, enabling phishing-resistant, passwordless sign-in using passkeys stored in a user’s encrypted Bitwarden vault. The flow uses the Windows “security key” option and a QR-code confirmation from a mobile device, with authentication performed via cryptographic challenge/response rather than transmitting shared secrets; Bitwarden positions this as reducing credential theft risk from phishing. The capability depends on Microsoft’s Windows 11 passkey provider support and requires specific enterprise conditions, including **Entra ID–joined devices**, **FIDO2 security key sign-in enabled**, and a **registered Entra ID passkey** stored in Bitwarden. Microsoft also introduced an updated **Defender deployment tool for Windows** aimed at streamlining large-scale endpoint onboarding into Microsoft Defender. The tool packages onboarding information into a single downloadable `.exe` (reducing the need for separate onboarding files across modern and legacy systems), supports silent/non-interactive deployment via tools like Group Policy or Configuration Manager, and adds administrative controls to reduce risk if onboarding packages are shared externally (e.g., identifiers/keys, tracking, and package expiration up to one year). Microsoft Defender portal updates add improved guidance and visibility, with onboarding events surfaced in device timelines and advanced hunting to help teams monitor progress and troubleshoot errors during rollout.
1 weeks ago