Category: Tech Tip | Published: 2026-03-06
A Simple Change That Dramatically Reduces Phishing Risk
Passkeys let you sign in without a password, dramatically reducing the risk of phishing and credential theft. Most UK business users can set one up on their Microsoft 365 or Google Workspace account in just a few minutes.
What Is a Passkey?
A passkey is a password replacement that uses your device's built-in security - such as a fingerprint, facial recognition, a PIN, or Windows Hello - to authenticate you. Instead of typing a password that could be stolen, guessed or reused, you approve the sign-in securely on your own device.
Both Microsoft and Google now support passkeys for business and personal accounts, and they are widely regarded as a major step forward in phishing-resistant authentication.
Why This Matters for Businesses
Phishing and password spraying remain two of the most common ways attackers gain access to business email and cloud systems. If a password is stolen through a fake login page or reused from another breach, it can be used immediately.
Passkeys change that. There is no password to steal, reuse or type into a fake website. Even if you land on a convincing phishing page, a passkey will not authenticate against it. For individual users, this is one of the simplest and most effective security upgrades available today.
How to Set Up a Passkey on a Microsoft Work or School Account
1. Go to your Microsoft account security page (mysignins.microsoft.com/security-info) or navigate to Security info.
2. Select _Add sign-in method_.
3. Choose _Passkey_ from the list of options.
4. Select _Add_ and follow the on-screen prompts.
5. Choose where to store the passkey - for example, Windows Hello on your PC or your mobile device.
6. Complete the verification step if prompted.
Once configured, you can use your fingerprint, face or device PIN to sign in instead of entering your password.
If you do not see Passkey as an option, your organisation's IT administrator may need to enable it within Microsoft Entra ID first. If you are a Cloud Smart Solutions client, get in touch and we can enable this for you.
How to Set Up a Passkey on a Google Account
1. Go to your Google account security settings (myaccount.google.com/security) whilst signed in.
2. Scroll to the section labelled _Passkeys_.
3. Select _Create a passkey_.
4. Follow the prompts to store the passkey on your device, such as your phone or laptop.
5. Confirm using your device unlock method.
Google will then allow you to sign in using your device authentication rather than a traditional password.
A Practical Approach
Start with your most important accounts, especially your business email. You can keep your existing authentication methods during the transition, but moving to passkey-based sign-in removes one of the most common attack routes used against UK businesses.
This is a small change, made in your own account settings, that can significantly reduce phishing risk and strengthen your first line of defence.
If you would like help setting up passkeys across your organisation or have questions about whether your current setup supports them, our team is here to help. Get in touch with Cloud Smart Solutions to discuss your options.