Microsoft enables external passkey management in Windows 11
Microsoft has enhanced passkey management in Windows 11. External programs can now take over – for example, 1Password and Bitwarden.
Windows Hello enables passkey storage in third-party passkey managers
(Image: Microsoft)
Microsoft has enhanced Windows 11, now allowing the use of external passkey managers. Users now have the choice of whether to handle passwordless login with the Microsoft password manager or trusted third-party applications.
According to the blog post from the Windows IT Pro Blog on Microsoft's Techcommunity, the feature is now generally available with the Windows security updates for the November Patch Tuesday. Initially, Microsoft supports the password managers 1Password and Bitwarden.
Plug-in Passkey Managers
Passkeys are not susceptible to phishing, are less vulnerable to data breaches –, and are ultimately easier and faster to use than passwords. Support for plug-in passkey managers therefore offers choice and flexibility, as users have the option to use their preferred passkey manager. Authentication is simple, as passkeys can be created and used for login with Windows Hello. Furthermore, passkeys become available everywhere, as they are synchronized between Windows PCs and mobile devices.
In practice, when creating passkeys, Windows Hello now offers the option to select the program for storage. The screenshot, for example, shows how 1Password is used to store a GitHub passkey. Another screenshot in the blog post shows how Windows Hello uses the password manager Bitwarden to deliver the login passkey.
Passkey manager support allows password managers with passkey support to integrate directly into Windows. Users can store, manage, and use their passkeys across browsers and native apps. The developers have implemented the setup of the preferred credential management as part of the passkey creation process. Authentication relies on Windows Hello with PIN, fingerprint, or facial recognition, ensuring that credentials can only be used by the owner.
Videos by heise
Microsoft Password Manager
As became known last week, Microsoft has equipped the password manager “Autofill” with passkey synchronization in Microsoft's web browser Edge. With the November security update for Windows 11, the password manager lands as a native plug-in in Windows. It can thus be used with Microsoft Edge, other web browsers, or any app that supports passkeys.
Microsoft touts benefits such as synchronization protected by the password manager PIN, which makes passkeys available on other Windows devices where users are logged into Edge with the same Microsoft account. On the server side, Azure Managed Hardware Security Modules (HSMs) protect the encryption keys. Confidential operations take place there in hardware-isolated environments (Azure Confidential Compute), and recovery is secured against tampering by the Azure Confidential Ledger.
(dmk)
