Passwords phased out as passkeys take over amid security concerns

Jakarta, CNBC Indonesia - Microsoft is phasing out traditional password-based account access. The company announced it will no longer authenticate via SMS and is set to remove the feature soon.

Microsoft explained the removal is due to the authentication method being a source of fraud, according to Tech Radar on Sunday (31 May 2026).

No timeline has been given for the phased removal. However, Microsoft stressed that passwordless, secure, and user-friendly authentication will be implemented.

“Switching to passwordless accounts, access keys, and verified emails helps you stay ahead of evolving threats while making account access simpler and smoother,” Microsoft stated.

Typing passwords or OTPs risks being forgotten or stolen. Passkeys work differently, using cryptographic keys stored on devices and services.

Devices verify the correct key upon login via fingerprint, facial recognition, or PIN.

Passkeys are considered more secure as the secret key never leaves the device, making them immune to phishing and data breaches.

Many view passkeys as the superior replacement for passwords, but not all agree.

A 2025 SquareX study found vulnerabilities in the system. When biometric requests are made, the system treats them as security signals.

“Unknown to many, attackers can easily forge passkey registration and authentication by intercepting the passkey workflow in browsers,” said SquareX researcher Shourya Pratap Singh.

“Virtually all corporate and consumer applications, including banking and critical data storage apps, are at risk,” he added.