In a significant shift towards enhancing digital security, Microsoft is on a mission to transition over 1 billion users away from traditional passwords for logging into their accounts. This ambitious endeavor aims to simplify the login process across its various platforms, including Windows, Xbox, and Microsoft 365.
As part of this initiative, Microsoft is promoting the adoption of a new authentication method known as "passkey." This innovative approach allows users to access their accounts using biometric methods such as fingerprint recognition, facial scanning, or screen locks. With the increasing prevalence of passkeys and other secure authentication techniques, Microsoft recognizes the necessity of updating the user experience to meet modern security standards.
By the end of April 2025, Microsoft plans to roll out a revamped login and registration process across its web and mobile applications, all designed with the company's Fluent 2 design language. This new system aims to create a seamless transition between logging in and utilizing Microsoft products, thus enhancing user satisfaction.
In addition to the new design, Microsoft has made adjustments to minimize errors and streamline the account recovery process. Setting up a new Microsoft account has been simplified significantly; users now only need an email address and a one-time verification code. Once set up, this email will serve as the primary access point for account login, eliminating the need for traditional passwords.
For account recovery or logging in on a new device, the attached email will facilitate a smoother process. Essentially, Microsoft is shifting the focus to using email for registration and login, while passkeys will ensure robust security measures are in place.
The company is also improving the authentication process by streamlining design and flow, making it faster and more intuitive. The new design helps users concentrate better and guarantees a smooth experience across all devices, from desktops to mobile phones.
Additionally, Microsoft has taken customer feedback into account, introducing a light and dark theme feature in the new login flow. This allows for automatic switching based on user preferences, which will soon be available on other consumer applications.
With these updates, passkeys are becoming a crucial solution, particularly on Windows devices. Experts note that passkeys not only enhance security but also provide a smoother login experience. Passkeys operate on a dual-key cryptographic system: one key is stored on the user's device (like a phone), while the other is kept on the platform the user is logging into. Both keys must be used together to access the account, providing an additional layer of security.
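The key-pair login described above, as an added example (not Microsoft's code): a simplified challenge-response in Node.js using the built-in `crypto` module. In the usual terminology the key on the device is the private key and the key on the platform is the public key. The `RelyingParty` class, the user name and the origins are constructed for illustration, and real passkeys follow the WebAuthn standard, which this sketch only approximates.

```javascript
const crypto = require('node:crypto');

// Device side: generate the key pair; only the public half is sent to the platform.
function createPasskey() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { privateKey, publicKeyPem: publicKey.export({ type: 'spki', format: 'pem' }) };
}

// Device side: sign the platform's fresh challenge together with the site origin.
function signAssertion(privateKey, challenge, origin) {
  const clientData = Buffer.from(JSON.stringify({ challenge: challenge.toString('base64url'), origin }));
  return { clientData, signature: crypto.sign('sha256', clientData, privateKey) };
}

// Platform side (hypothetical class): stores public keys only, so a leak of
// this table yields nothing that can be replayed as a login secret.
class RelyingParty {
  constructor(origin) { this.origin = origin; this.users = new Map(); this.pending = new Map(); }
  register(user, publicKeyPem) { this.users.set(user, publicKeyPem); }
  newChallenge(user) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(user, challenge.toString('base64url'));
    return challenge;
  }
  verify(user, { clientData, signature }) {
    const expected = this.pending.get(user);
    this.pending.delete(user); // each challenge is single-use
    const pem = this.users.get(user);
    if (!expected || !pem) return false;
    let data;
    try { data = JSON.parse(clientData.toString()); } catch { return false; }
    if (data.challenge !== expected || data.origin !== this.origin) return false;
    return crypto.verify('sha256', clientData, pem, signature);
  }
}

function demo() {
  const rp = new RelyingParty('https://login.example'); // constructed origin
  const device = createPasskey();
  rp.register('alice', device.publicKeyPem);
  const assertion = signAssertion(device.privateKey, rp.newChallenge('alice'), rp.origin);
  const ok = rp.verify('alice', assertion);
  const replay = rp.verify('alice', assertion); // same assertion presented again
  const wrongOrigin = rp.verify('alice',
    signAssertion(device.privateKey, rp.newChallenge('alice'), 'https://lookalike.example'));
  const otherKey = rp.verify('alice', // signer does not hold the registered device key
    signAssertion(createPasskey().privateKey, rp.newChallenge('alice'), rp.origin));
  return { ok, replay, wrongOrigin, otherKey };
}
console.log(demo());
```

Only the first login succeeds: a reused assertion, an assertion signed for a different origin, and a signature from a key other than the registered one are all rejected.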
Many users may have already encountered passkeys on devices such as iPhones, Galaxy phones, or Pixels, as Apple, Samsung, and Google have long adopted this authentication method. This shift towards passkeys marks a significant advancement in how users interact with their digital accounts, paving the way for a more secure online environment.
Meanwhile, in the realm of cybersecurity, the threat of information-stealing malware continues to escalate. According to reports from Kaspersky, approximately 25 million devices have been targeted by this type of malware in 2023 and 2024. This malware, aptly named "infostealer," lives up to its name by gathering sensitive information such as bank card numbers, login credentials, and other private data.
Kaspersky estimates that around 2.3 million bank cards were leaked on the dark web during this period. Alarmingly, in 2024 alone, 9 million devices fell victim to information-stealing malware, bringing the total number of compromised devices to a staggering 26 million.
Despite only 1% of bank cards issued globally being leaked on the dark web, a concerning 95% of the leaked cards are considered "technically valid," according to Kaspersky's findings. However, this malware does not stop at stealing bank account numbers; it also captures credentials, including usernames and passwords—data crucial for user identity verification.
These stolen credentials, along with cookies, are then disseminated within the dark web community. Notably, victims often remain unaware that they have inadvertently installed malware on their devices, as it is frequently disguised as legitimate software.
Kaspersky's report highlights a prevalent example involving gaming cheat software: victims download the software, unknowingly executing a malicious file. The malware then spreads to other devices through phishing links, malicious email attachments, infected websites, and various other methods.
Last year, Redline emerged as the most widely used information-stealing malware, accounting for 34% of infections. Risepro, another malware variant, saw its infection rate soar from 14% in 2023 to 23% in 2024. Additionally, Stealc, which launched in 2023 with a 3% infection rate, climbed to 13% in 2024.
Kaspersky advises users who fall victim to information-stealing malware to closely monitor their bank accounts and heed any notifications from their banks. They recommend canceling and reissuing bank cards, changing passwords for banking apps and websites, and enabling two-factor authentication wherever possible. Users should also be vigilant against phishing attacks, fake messages, and suspicious phone calls.
If there's any doubt regarding the authenticity of a notification, email, or message, Kaspersky suggests contacting the bank directly. Furthermore, users are encouraged to run security scans on their devices and eliminate any detected malware.
Experts warn that the trend of information-stealing malware attacks is becoming increasingly sophisticated. Cybercriminals are not only targeting individual users but are expanding their sights to businesses, particularly in the finance, e-commerce, and online service sectors. Once internal systems are compromised, a multitude of customer accounts can be infiltrated, leading to severe repercussions.
Given these developments, businesses must also enhance their awareness and implement robust security measures to protect sensitive data. As both Microsoft and Kaspersky work towards improving digital security, users and businesses alike must remain vigilant in safeguarding their information against evolving threats.