Microsoft Introduces Passkey Synchronization in Edge
Microsoft's password manager in the Edge web browser can now store passkeys and sync them across Windows devices.
The Edge web browser includes a password manager called “Autofill,” which Microsoft has now taught to handle passkeys. Starting with version 142, Edge, which is based on open-source Chromium, can store passkeys and sync them across Windows desktop devices.
Microsoft explains the new feature in a blog post. The company is rolling it out gradually in Microsoft Edge 142 on Windows for Microsoft Accounts (MSA). It is expected to become available on other platforms in the future.
Advantages of Passkeys
Passkeys are a simpler and more secure way to log in to apps and websites without needing a password. Instead of a password, users authenticate themselves with built-in security mechanisms such as fingerprint, facial recognition, or a PIN. Passkeys are based on the FIDO2 standard, which uses public-key cryptography for secure login. The unique private key for the website remains in the user's own (local) account, while the website only receives a public key. Microsoft further explains that access remains secure even after a website data breach.
Therefore, Microsoft recommends using passkeys. They provide stronger security, are faster and easier to log in with, and can be used seamlessly across devices with passkey synchronization. Privacy is paramount, as biometric data is verified locally on the device, and websites only receive a cryptographic proof of identity.
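The public-key login described above, reduced to its cryptographic core in an added example that is not from the article or from Microsoft. It is a simplified model rather than the real WebAuthn message format, and the origin `https://shop.example` and all function names are assumptions made for illustration.

```javascript
// Added illustration: simplified passkey (FIDO2-style) challenge-response.
// Not the WebAuthn wire format and not Microsoft's implementation.
const crypto = require("node:crypto");

const sha256 = (s) => crypto.createHash("sha256").update(s).digest();

// Registration: the key pair is created on the user's side. The private key
// stays there; the website stores only the public key.
function registerPasskey(origin) {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  return {
    authenticator: { origin, privateKey },
    serverRecord: {
      origin,
      publicKey: publicKey.export({ type: "spki", format: "pem" }),
    },
  };
}

// Login, user side: sign the site's fresh challenge, bound to the site origin.
function signAssertion(authenticator, challenge) {
  const data = Buffer.concat([sha256(authenticator.origin), challenge]);
  return crypto.sign("sha256", data, authenticator.privateKey);
}

// Login, website side: verify using nothing but the stored public key.
function verifyAssertion(serverRecord, challenge, signature) {
  const data = Buffer.concat([sha256(serverRecord.origin), challenge]);
  return crypto.verify("sha256", data, serverRecord.publicKey, signature);
}

// Constructed scenario with a hypothetical origin.
function demo() {
  const origin = "https://shop.example";
  const { authenticator, serverRecord } = registerPasskey(origin);
  const challenge = crypto.randomBytes(32);
  const signature = signAssertion(authenticator, challenge);
  const goodLogin = verifyAssertion(serverRecord, challenge, signature);
  // An old signature does not satisfy a new challenge.
  const replay = verifyAssertion(serverRecord, crypto.randomBytes(32), signature);
  // After a breach, the leaked record holds no private key. A signature made
  // with any other key does not verify against the stored public key.
  const otherKey = registerPasskey(origin).authenticator;
  const forged = verifyAssertion(
    serverRecord, challenge, signAssertion(otherKey, challenge));
  return { goodLogin, replay, forged };
}
```

Calling `demo()` returns the outcome of the three checks: the genuine login verifies, while the replayed signature and the signature from a key that does not match the stored public key are both rejected.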
Passkey Storage with Edge Autofill
Currently, Edge only supports storing passkeys on Windows, but Microsoft plans to expand this to other platforms. The company has not provided a timeline for this. Autofill stores the passkeys in the Microsoft account. These are protected by a PIN that is set up when a passkey is saved for the first time. When visiting a website that supports passkeys, a prompt will appear asking if the user wants to create a passkey in Microsoft's password manager. The passkey created and stored in this way can be used for future logins with the preferred device authentication method, whether it's fingerprint, facial recognition, or a PIN code.
Synchronization to other devices requires an authenticity check – which is done with the PIN for the Microsoft password manager. This unlocks passkey access on new devices. Autofill with passkey support requires at least Windows 10, Microsoft Edge 142, and a Microsoft account. Microsoft assures that passkeys are stored securely encrypted in the cloud, with additional PIN protection. On new devices, users have a maximum of ten attempts to enter the correct PIN to unlock.
If the PIN is forgotten, it can be reset on a device that already has passkey access. Microsoft logs the unlock and reset attempts of the password manager PIN in Azure.
Microsoft originally equipped the Authenticator with the password manager “Autofill.” In May, it became known that Microsoft planned to scrap this extension starting in July of this year. Autofill is still available in the Edge web browser, allowing access to credentials from Authenticator Autofill that are automatically synced with the Microsoft account.
(dmk)