With Microsoft Ending Password Support, What’s the Future of Passwordless Authentication?

The impending elimination of password support by Microsoft would suggest that the industry is rapidly moving towards a future where passwordless authentication is the norm, however, the data tells us another story. Rather than heralding a drastic sea-change, Microsoft’s decision arrives amid a more gradual transformation, one that is still very much in progress. Solutions that can generate and secure traditional passwords remain critical for individuals and organisations alike—even as passwordless authentication becomes more widely adopted across digital systems.

Research conducted by Keeper Security reveals that 40% of organisations continue to operate in a hybrid authentication environment, where passwords and passkeys coexist. This is more reflective of the current cybersecurity reality—one in which passkeys offer distinct advantages such as resistance to phishing, ease of use and secure public-key cryptography—but in which the infrastructure, user behaviour and systems required for universal adoption are still catching up.

For many organisations their legacy cybersecurity systems remain dependent on passwords, with the cost and complexity of moving to a passwordless environment seen as prime barriers to immediate transition. That’s why 70% of the companies Keeper surveyed that are committed to adopting passkeys are taking a phased approach, introducing them incrementally while still managing password-based access where necessary.

Managing hybrid systems still produces its own risks. In our report, 67% of businesses cited phishing as a persistent threat, even in environments where passkeys are already in use. The problem is compounded by poor password hygiene, with 40% of employees admitting to reusing passwords across accounts. These behaviours leave organisations highly vulnerable to credential-based attacks.

The solution lies in strategic layering. Businesses should prioritise deploying passkeys in high-security areas, such as privileged access and customer data, while ensuring that any remaining passwords are strong, unique and encrypted.

A zero-knowledge architecture and Privileged Access Management (PAM) platform can further bridge this gap, delivering secure credential storage, MFA enforcement, protection of privileged accounts and visibility across the authentication landscape. The end of passwords in one platform does not signal the end of passwords altogether. It is a slow and gradual transition that necessitates modern and agile security solutions to meet the demands of today’s hybrid authentication environment.

However slow and gradual the transition to passwordless authentication might be, it is a transition that needs to happen—and it has to start now.