Microsoft has introduced support for storing and syncing passkeys in Edge via the Microsoft Password Manager, allowing Windows users to authenticate securely without traditional passwords.
The new feature is rolling out with Edge version 142 and is currently limited to Microsoft Accounts (MSA) on Windows, with broader platform support planned.
The update marks a key step in Microsoft’s gradual shift away from password-based authentication, favoring passkeys, cryptographic credentials based on the FIDO2 standard that use public-private key pairs. Unlike passwords, passkeys can’t be phished, guessed, or reused, and they authenticate users through device-based biometrics or PINs.
With the new feature, users can save passkeys directly in Microsoft Password Manager when prompted by a supported website. Once created, the passkeys are encrypted and backed up in the cloud, protected by a dedicated Microsoft Password Manager PIN set by the user during initial setup. This PIN is required to unlock access on new devices, and users have up to 10 attempts to input it correctly before being locked out.
The stored passkeys are logged and monitored using Azure Confidential Ledger, Microsoft’s immutable and tamper-resistant logging service, offering transparency and integrity around passkey usage and PIN resets.
Password management evolving
Microsoft Password Manager is the native credential management system within the Edge browser. Integrated with a user’s Microsoft account, it provides secure storage for passwords, addresses, and now passkeys. While the manager previously supported syncing passwords and form data across devices, the addition of passkey support aligns with industry-wide moves to phase out passwords in favor of more resilient authentication systems.
Passkeys are derived from the FIDO2 protocol, which enables login using device-level authentication methods such as Windows Hello (face recognition, fingerprint, or PIN). The private key is securely stored on the user’s device, while the corresponding public key is held by the service provider. This architecture ensures that a breach of the service provider does not compromise user credentials.
Currently, syncing passkeys via Microsoft Password Manager is only available on Windows 10 and above with Edge version 142 or higher. Users must also be signed in with a personal Microsoft Account. Work and school accounts (Microsoft Entra ID), as well as mobile platforms, are not yet supported, although Microsoft indicates that expansion to other devices and browsers is on the roadmap.
For non-Edge apps and browsers, Microsoft plans to extend passkey usage through a Windows-level plugin, which will allow passkey-based sign-ins outside of Edge.
This launch complements Microsoft’s earlier announcement to retire password autofill in the Microsoft Authenticator app by August 2025. That decision aims to consolidate password and passkey storage under Edge’s management, streamlining how credentials are handled across the Microsoft ecosystem. While Authenticator will retain support for passkeys, its role as a general-purpose password manager is coming to an end.
If you liked this article, be sure to follow us on X/Twitter and also LinkedIn for more exclusive content.
