Passwords Are Broken: How Passkeys & WebAuthn Fix Authentication in ASP.NET Core and Microsoft 365

Passwords Are Broken: How Passkeys & WebAuthn Fix Authentication in ASP.NET Core and Microsoft 365

Passwords aren’t failing because users are careless—they’re failing because the model is fundamentally outdated. Phishing, credential stuffing and endless resets show how fragile a system is that still depends on humans remembering secrets at internet scale. In this episode, you’ll see why tightening password policies barely moves the needle, how much breaches and resets really cost your organization, and why it’s finally realistic to remove passwords altogether instead of patching them.

We start with the true cost of “just one” stolen credential: how a single compromised Microsoft 365 admin account can lead to Teams data exposure, mailbox abuse and weeks of recovery work—without any zero-day exploit. Then we look at the hidden tax of password resets and rotation policies that burn IT time, frustrate employees and still don’t stop attackers from reusing old patterns. You’ll walk away with a clear picture of why passwords can’t scale to today’s threat landscape, no matter how many special characters you add.

From there, we introduce passkeys and WebAuthn as the realistic alternative, not science fiction. You’ll learn how public‑key cryptography flips the model—private keys stay safely on the device, servers only store public keys, and there’s nothing usable for attackers to steal from your database. We break down what this feels like for users (Face ID, Windows Hello, security keys), how WebAuthn lets browsers and platforms talk the same language, and why phishing pages simply stop working when there’s no password to type.

Finally, we get practical for ASP.NET Core teams and decision‑makers. Developers get a high‑level implementation checklist: where to plug passkeys into existing auth flows, which parts of your app change, and what to watch out for in rollout. Leaders get the adoption view: how to position passkeys as both a security and productivity upgrade, what to measure (reset volume, phishing exposure), and how to decide if you’re the one implementing the change or the one sponsoring it.

WHAT YOU’LL LEARN
  • Why passwords keep failing even with stricter policies and better monitoring.
  • How passkeys and WebAuthn replace passwords using public‑key cryptography and device‑based authentication.
  • What the sign‑in experience looks like with Windows Hello, biometrics and security keys.
  • A practical ASP.NET Core checklist for adding passkey support to your existing login flows.
  • How to talk about passwordless authentication with business leaders in terms of risk, cost and user experience.
THE CORE INSIGHT

The core insight of this episode is that passwords aren’t a behavior problem, they’re an architecture problem. Once you stop trying to train users into impossible habits and instead move to passkeys and WebAuthn, you remove the single point of failure attackers depend on—without making sign‑in more painful for the people you’re trying to protect.

WHO THIS EPISODE IS FOR
  • ASP.NET Core and identity developers implementing secure login flows.
  • Security and IAM teams planning passwordless, FIDO2 and WebAuthn projects.
  • IT and business leaders who need to cut phishing risk, reset volume and credential management costs.
ABOUT THE AUTHOR / HOST

Mirko Peters is a Microsoft 365, security and identity consultant and host of the M365.FM podcast, helping organizations treat authentication, devices and cloud apps as one integrated operating system instead of scattered login screens. He works with teams running on Microsoft 365, Azure and modern .NET to design passwordless strategies—using passkeys, WebAuthn and strong device identity—so “just one bad password” stops being the root cause of their biggest incidents.

Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.

Det här avsnittet är hämtat från ett öppet RSS-flöde och publiceras inte av Podme. Det kan innehålla reklam.

Avsnitt(768)

Building a Secure Microsoft-First MSP: Intune, Defender & Entra ID at Scale with Albin Klinaku [MVP]

Building a Secure Microsoft-First MSP: Intune, Defender & Entra ID at Scale with Albin Klinaku [MVP]

Building a successful Managed Service Provider today requires much more than managing devices and responding to support tickets. Modern MSPs must become trusted security partners, helping organization...

16 Juli 1h

Microsoft Entra Permissions Management - Simply Explained

Microsoft Entra Permissions Management - Simply Explained

Cloud security isn't just about protecting user accounts anymore. Modern organizations manage thousands of identities across Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP)...

16 Juli 13min

Managed Identities - Simply Explained

Managed Identities - Simply Explained

Managing passwords, connection strings, client secrets, and certificates has always been one of the biggest challenges when building secure cloud applications. Every application that connects to Azure...

16 Juli 16min

Azure API Management - Simply Explained

Azure API Management - Simply Explained

Azure API Management (APIM) is one of the most important services in Microsoft Azure for organizations building modern cloud applications, microservices, and enterprise integrations. While APIs make i...

16 Juli 14min

Azure Load Balancer — Simply Explained

Azure Load Balancer — Simply Explained

Every application starts small. A single virtual machine serves your website, processes customer requests, and handles all incoming traffic. At first, everything works perfectly. But as your user base...

16 Juli 15min

Azure Front Door - Simply Explained

Azure Front Door - Simply Explained

Building a website that performs well for users around the world is far more challenging than simply deploying a web application to Azure. A server hosted in North America may respond quickly for user...

16 Juli 17min

Azure Virtual WAN - Simply Explained

Azure Virtual WAN - Simply Explained

Building a global Azure network manually becomes increasingly difficult as your organization grows. What starts as a simple hub-and-spoke deployment quickly turns into a maze of virtual network peerin...

16 Juli 14min

Azure Firewall - Simply Explained

Azure Firewall - Simply Explained

Securing a traditional office network was relatively straightforward—you installed a physical firewall at the edge of your network and inspected everything entering or leaving your building. But cloud...

16 Juli 13min

Populärt inom Politik & nyheter

aftonbladet-krim
svenska-fall
p3-krim
rss-krimstad
tv4-nyheterna-story
aftonbladet-daily
flashback-forever
motiv
rss-sanning-konsekvens
de-fyras-gang
rss-krimreportrarna
rss-vad-fan-hande
mannen-utan-spar
spar
rss-frandfors-horna
rss-flodet
rss-aftonbladet-krim
krimmagasinet
politiken
olyckan-inifran