
What Are Passkeys and Should My Business Use Them?

Quick Answer

Passkeys are cryptographic credentials that replace passwords. They're phishing-resistant, can't be stolen in data breaches, and are easier than remembering passwords. Major platforms support them now. For businesses, they're the future of authentication—start planning adoption.

What Passkeys Are

The problem with passwords:

  • Users create weak ones
  • Users reuse them across sites
  • Phishing steals them
  • Data breaches expose them
  • They're a terrible user experience

The passkey solution:

  • Cryptographic key pair
  • Private key stored on device
  • Public key stored by service
  • Authentication happens locally on your device
  • Nothing useful to phish or steal

How Passkeys Work

Registration:

  1. You create an account at a website
  2. Your device creates a unique key pair
  3. Private key stays on your device (secure enclave)
  4. Public key goes to the website

Authentication:

  1. You visit the website
  2. Site sends a challenge
  3. Your device signs the challenge with private key
  4. Biometric or PIN unlocks the key locally
  5. You're logged in

What's different:

  • No password transmitted
  • Nothing to phish (key only works for legitimate site)
  • Nothing secret stored server-side to breach (the site holds only the public key)
  • Your biometric never leaves your device
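
The registration and authentication steps above, as an added example (not code from the original article or from any vendor's implementation): a simplified Node.js model of the challenge-response flow, showing why a replayed response and a look-alike site both fail. `Authenticator`, `Site` and both origins are constructed for illustration; real WebAuthn adds attestation, signature counters and user verification, which are left out here.

```javascript
const nodeCrypto = require("node:crypto");
const sha256 = (data) => nodeCrypto.createHash("sha256").update(data).digest();
// Authenticator: one private key per site (relying party ID); keys never leave it.
class Authenticator {
  constructor() { this.keys = new Map(); }
  register(rpId) {
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
    this.keys.set(rpId, privateKey);
    return publicKey; // only the public half goes to the site
  }
  // `origin` is reported by the browser, not chosen by the page being visited.
  sign(origin, challenge) {
    const rpId = new URL(origin).hostname;
    const privateKey = this.keys.get(rpId);
    if (!privateKey) return null; // no passkey registered for this site
    const clientData = JSON.stringify({ origin, challenge: challenge.toString("base64url") });
    const signed = Buffer.concat([sha256(rpId), sha256(clientData)]);
    return { clientData, signature: nodeCrypto.sign("sha256", signed, privateKey) };
  }
}

// Site: stores only the public key and issues a fresh random challenge per login.
class Site {
  constructor(origin) { this.origin = origin; this.rpId = new URL(origin).hostname; }
  enroll(publicKey) { this.publicKey = publicKey; }
  newChallenge() { return (this.challenge = nodeCrypto.randomBytes(32)); }
  verify(assertion) {
    if (!assertion || !this.challenge) return false;
    const expected = this.challenge.toString("base64url");
    this.challenge = null; // single use
    const { origin, challenge } = JSON.parse(assertion.clientData);
    if (origin !== this.origin || challenge !== expected) return false;
    const signed = Buffer.concat([sha256(this.rpId), sha256(assertion.clientData)]);
    return nodeCrypto.verify("sha256", signed, this.publicKey, assertion.signature);
  }
}

function demo() {
  const device = new Authenticator();
  const site = new Site("https://login.example.com"); // constructed origin
  site.enroll(device.register(site.rpId));
  const first = device.sign(site.origin, site.newChallenge());
  const genuine = site.verify(first); // correct origin, challenge and key
  site.newChallenge();
  const replayed = site.verify(first); // old assertion against a new challenge
  // Look-alike origin (constructed): the device has no key for it, so nothing is signed.
  const phished = device.sign("https://login.examp1e.com", site.newChallenge());
  return { genuine, replayed, phished: site.verify(phished) };
}
```

Calling `demo()` returns `genuine: true` with `replayed` and `phished` both `false`.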

Why Passkeys Are More Secure

Phishing-resistant: Passkeys are bound to specific websites. A fake site can't get a passkey for the real site, because its domain doesn't match.

No credential theft: Nothing useful to steal. The private key never leaves your device. Data breaches can't expose passwords you don't have.

No password reuse: Each site gets unique cryptographic credentials.

No weak passwords: Cryptographic keys are inherently strong.

Current State (2026)

Consumer adoption:

  • Apple, Google, Microsoft all support passkeys
  • Major sites: Google, Microsoft, Amazon, PayPal, eBay, many more
  • Syncing across devices via iCloud, Google Password Manager, etc.

Enterprise adoption:

  • Microsoft Entra ID supports passkeys
  • Google Workspace supports passkeys
  • Many enterprise apps adding support
  • Still early for full business adoption

Business Implementation

Where passkeys work today

Microsoft 365 / Entra ID: Passkeys supported as a passwordless authentication method. Can be phased in alongside existing MFA.

Google Workspace: Passkeys available for Google accounts. Enterprise controls available.

Consumer apps: Many B2C applications your employees use personally.

Implementation approach

Phase 1: Enable and pilot

  • Enable passkeys as an option
  • Pilot with IT-savvy users
  • Learn from experience

Phase 2: Encourage adoption

  • Promote passkeys for convenience
  • Train users on registration
  • Support cross-device scenarios

Phase 3: Require for sensitive accounts

  • Mandate passkeys for privileged users
  • Remove password option where feasible
  • Hardware security keys for highest security

Hardware security keys vs device passkeys

Device passkeys:

  • Stored on phone or computer
  • Can sync across devices (Apple, Google)
  • Convenient for most users
  • Good security for general use

Hardware security keys (FIDO2):

  • Physical device (YubiKey, etc.)
  • Not synced, not copyable
  • Highest security
  • Best for privileged accounts

Challenges for Businesses

Legacy application support: Not all apps support passkeys yet. Passwords will coexist for years.

Device management: What happens when employees leave? Device-bound passkeys need management consideration.

Recovery: Lost device recovery needs planning. Multiple passkeys, backup options.

User training: New concept for most users. Needs clear communication.

Our Recommendation

Start preparing now:

  1. Enable passkeys in Microsoft 365 and Google Workspace
  2. Pilot with technical users
  3. Hardware keys for IT admin accounts
  4. Plan for broader rollout

Passkeys are the future. Better security, better user experience. Start the transition.

What We Help With

We're deploying passwordless authentication for clients:

  • Microsoft Entra passwordless configuration
  • FIDO2 security key deployment for admins
  • Passkey enablement and policy
  • User training and communication
  • Migration planning

The password era is ending. We'll help you transition.
