I've started testing passkeys for my IT team and a few other users, and I find them way better than the traditional combination of usernames, passwords, and MFA. They seem to offer improved security, are virtually unphishable, plus they make things faster and easier for users. I'm thinking about rolling this out across the board, but my boss is worried. He thinks users will struggle to keep track of different authentication methods, especially if they forget their passwords on mobile devices. He's anticipating user complaints and a spike in password reset requests. I see it as a win for IT—better security and a smoother user experience, especially since users often complain about all the logins with SSO. My boss uses an Android and Google Auth instead of Microsoft Auth, which may be affecting his view. I'm planning to test it on Android myself, but I'd love to hear about your experiences with passkeys so far!
4 Answers
We've made a company-wide switch to phishing-resistant methods and it’s been pretty smooth overall. We did a pilot program for three months first to iron out any issues. Android 14 or higher is definitely necessary for passkeys in Microsoft Auth, but it’s been worth it. Just be aware that some older systems won't support passkeys, so you'll need a backup plan in case users hit any snags.
Sounds like you’re on the right track! Using Android 14+ with Microsoft Auth seems to be the way to go. I totally get your boss's concerns, but I've found that once users get familiar with passkeys, they actually prefer them over traditional methods. Just make sure everyone knows how to activate it! Some users might resist using their personal devices for work, but as long as they understand the security benefits, they might be more open to it.
Agreed! Getting users educated on how to set it up is key. Once they're comfortable, they usually love the security features.
I had some mixed experiences with MS onboarding; it can get pretty buggy for users. The whole passkey setup seems like a convoluted process compared to other systems. But I do believe moving towards passwordless is the way forward; just make sure you’re ready to support users through the transition.
That’s a great point! The user experience is really critical, especially for less tech-savvy individuals.
I love using my USB-C YubiKey on my Android; it’s super secure! I’m all about passkeys now, but I understand the hesitance from some users. A few of our team members have been resistant to the change, preferring older methods like SMS. Good luck with your rollout!
Just keep in mind, certain browsers and systems might have compatibility issues with passkeys, especially if they’re older.
Yes! We went fully phishing resistant last year too, and people didn’t even complain. The transition was smoother than expected.