Secure Your Business with Passkeys

What are passkeys?

Passkeys are a solution that provides more secure login and replaces traditional passwords. You’re probably already familiar with facial recognition, fingerprints, and PIN codes, which are also forms of passkeys. Now you can also use your cell phone to log in to various services securely and easily.

Why should you use passkeys?

The vast majority of security incidents begin with a click on a phishing link. As many as nine out of ten cyberattacks that we block for our customers involve compromised accounts resulting from successful phishing attempts. This is simply because traditional passwords and two-factor authentication are vulnerable to this type of attack.

Time and again, we see that if someone clicks on a phishing link, even two-factor authentication can be bypassed.

The consequences are often:

• Sending scam emails from your account
• Unauthorized access to and downloading of sensitive documents
• Falsified invoices and financial losses

Passkeys were developed to solve this very problem.

What are the benefits of passkeys?

When it comes to IT security, some of the biggest advantages of passkeys are:

• Replaces traditional passwords, which means you don't need to use them when logging in. As a result, they can't be stolen when you log in.
• Requires that your device be available in order to work. This means that an attacker must have access to, for example, your cell phone in order to access your account.
• Blocks the type of attacks we see most frequently in our security center.
• Significantly increases the level of security compared to traditional two-factor authentication.

In addition to enhanced security, passkeys also:

• Significantly faster than the traditional combination of username, password, and two-factor authentication.
• It's easier to use because you don't have to create and remember new, complex passwords for each service.
• Compatible with a wide range of systems and devices, including password managers.
• Easier to get started with than before.

How do I get started with passkeys?

To implement passkeys in the company, two things are required:

1. The IT administrator must enable the feature in your environment.
2. Each user must enable it for their own account.

If everything is configured correctly, getting started can be this easy:

1. Open Microsoft Authenticator and select the account for which you want to create a passkey.
2. Tap “Create a passkey.”
3. Tap “Sign in.”
4. Sign in with your password and/or verify your sign-in using Microsoft Authenticator.
5. Verify using your fingerprint, Face ID, or your phone's PIN.
6. Done! You have now created a passkey for the selected account.

However, if you’re planning to roll out passkeys across your entire organization, you’ll need a well-thought-out plan and the right support in place. Here’s how we did it when we rolled it out ourselves earlier this year:

• Developed a rollout plan that included departments and clear timeframes.
• Informed the entire company about the change, what was expected, and when it would be implemented, and kept employees updated throughout the project.
• We created a simple guide that employees could follow when setting up their passkeys. To make it as easy as possible, we used detailed instructions with screenshots and produced short demonstration videos for both iPhone and Android.
• We rolled out the solution in stages over several weeks, department by department. That way, we were able to maintain control throughout the process and assist the employees who needed support.