Passkeys aim to simplify the management of multiple logins; however, they are typically bound to a specific device. Microsoft has taken a significant step by enabling cloud synchronization of passkeys. This development raises an essential question for users: is it advisable to utilize this feature?
Cloud Syncing of Passkeys with Microsoft Edge
For those utilizing the Microsoft Password Manager integrated into Edge, your passkeys may already be stored there. While this differs from standard two-factor authentication, Microsoft has introduced a feature that allows synchronization of passwords across various Windows devices using the Microsoft Password Manager in Edge.
This new synchronization functionality resolves a key challenge associated with passkeys being tied to individual devices. Previously, if your passkey was linked to your desktop, you would need that device for login authentication. While this method is undeniably secure—since websites do not store your password and the private cryptographic key resides locally—it posed accessibility issues in case of device loss or failure.
With Microsoft’s cloud syncing, authenticating new devices can be accomplished simply by using your unique Microsoft Password Manager PIN, granting you immediate access to all your passkeys on that new device.
If your primary device is lost or experiences a failure, leveraging just your PIN allows you to sync to a new device effortlessly, eliminating the need for recovery codes typically required for account access.
Basic Requirements with Limited Scope
While Microsoft often complicates features, the requirements for this new passkey sync capability are straightforward. You merely need a Microsoft account, Windows 10 or later, and Microsoft Edge version 142 or higher. To check your version, open Edge, click on the three dots in the menu, and navigate to Help and feedback -> About Microsoft Edge.
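For checking the two machine-side requirements above without clicking through the menu (for example, across several PCs), the following PowerShell is an added example and is not taken from Microsoft or from the original article. It assumes Edge stable is installed in one of its default locations; the function names are hypothetical, and the Microsoft account requirement is not checked.

```powershell
# Added example: verifies the requirements named in the article
# (Windows 10 or later, Microsoft Edge version 142 or higher).
$MinEdgeMajor = 142   # from the article
$MinOsMajor   = 10    # Windows 10 and Windows 11 both report major version 10

function Get-EdgeVersion {
    # Assumption: Edge stable lives under one of the default install roots.
    $bases = @(${env:ProgramFiles(x86)}, $env:ProgramFiles, $env:LOCALAPPDATA) |
        Where-Object { $_ }
    foreach ($base in $bases) {
        $exe = Join-Path $base 'Microsoft\Edge\Application\msedge.exe'
        if (Test-Path -LiteralPath $exe) {
            $raw = (Get-Item -LiteralPath $exe).VersionInfo.ProductVersion
            $parsed = $null
            if ([version]::TryParse($raw, [ref]$parsed)) { return $parsed }
        }
    }
    # Fallback: the version Edge records for the current user.
    $beacon = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Edge\BLBeacon' `
        -Name version -ErrorAction SilentlyContinue
    if ($beacon) {
        $parsed = $null
        if ([version]::TryParse($beacon.version, [ref]$parsed)) { return $parsed }
    }
    return $null   # Edge not found
}

function Test-PasskeySyncPrereqs {
    $os   = [System.Environment]::OSVersion.Version
    $edge = Get-EdgeVersion
    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        OsVersion   = $os.ToString()
        OsOk        = ($os.Major -ge $MinOsMajor)
        EdgeVersion = if ($edge) { $edge.ToString() } else { 'not found' }
        EdgeOk      = [bool]($edge -and $edge.Major -ge $MinEdgeMajor)
    }
}

Test-PasskeySyncPrereqs | Format-List
```

Both `OsOk` and `EdgeOk` being `True` only means the machine meets the stated requirements; because the feature is rolled out gradually, passkey sync may still not be offered yet.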

If you haven’t yet updated to Edge version 142, be aware that Microsoft is rolling it out gradually. As with major Windows system updates, it may take time before it is available to all users.
This new feature integrates seamlessly with Windows Hello. Users already enrolled can use their PIN or biometric logins within Edge.
However, it’s important to note that cloud synchronization of passkeys is currently restricted to Windows devices. Even though you can use the Edge browser on other operating systems like Android or macOS, transferring passkeys remains unavailable on those platforms. Microsoft has expressed intentions to extend this capability to additional systems soon.
Another limitation is that passkeys are accessible only within Edge, with no support for other browsers or applications on Windows. Microsoft intends to launch a Microsoft Password Manager plugin to broaden applicability across their ecosystem.
How to Set Up Passkey Syncing in Edge
To initiate syncing, visit a website in the Edge browser that accepts passkeys; Gmail serves as an effective example. When prompted, click on Continue to begin the passkey setup.

If you haven’t configured your Microsoft Password Manager PIN yet, you will be prompted to do so during this process. It is vital to remember this PIN since it is crucial for accessing your passkeys in the cloud.
Should you need to reset your PIN, open Edge, click the three dots in the top right corner, select Settings -> Passwords and autofill -> Microsoft Password Manager -> Settings. Note that this must be done on a device that currently contains your synced passkeys.
When you open Edge on a different Windows device, simply use your Microsoft Password Manager PIN to sync your passkeys and log in to any site that recognizes your passkey, utilizing your preferred authentication method—whether that be a PIN or biometric identification.
Is Syncing Passkeys in the Cloud Worth It?
Enabling sync alleviates the concern of being confined to a single device. If your device fails, is lost, or is stolen and you have no proper backup plan (like recovery codes), regaining access to your accounts can be a daunting challenge.
However, this shift also introduces several potential security risks. Specifically, in addition to your passkey login method, you must also remember the separate PIN for the Microsoft Password Manager. Failing to enter it correctly within ten attempts leads to a lockout.
Additionally, if someone has physical access to your logged-in device, they can potentially reset your Microsoft Password Manager PIN. In the unfortunate event that your Microsoft account is compromised, this could lead to unauthorized access to your passkeys. To mitigate this risk, ensure you lock your PC when unattended, or utilize Dynamic Lock features.
Another, subtler threat emerges: your passkeys are no longer confined to a single device. Malicious actors who gain your Microsoft Password Manager PIN and access to your account could potentially sync all your passkeys. Thus, it is advisable to utilize biometric logins where applicable.
Compatibility also remains an issue. Although syncing is convenient, its current limitation to Windows devices and the Edge browser diminishes its overall utility.
In many cases, it remains more prudent to maintain physical recovery codes, especially if you utilize passkeys across various devices or password managers. For added security, consider storing these recovery codes on a dedicated USB drive tailored for confidential files.