The world of authentication is changing fast, and Microsoft is leading the charge. As of 2025, Microsoft is phasing out passwords in favor of passkeys and password-less sign-ins.
They’re not alone.
Google, Apple, Amazon, and many others are adopting the same approach, backed by global standards from the FIDO Alliance. For EMS organizations, especially those working under the pressure of HIPAA compliance and evolving cyber threats, this isn’t just a tech trend. It’s a strategic shift in how we think about access, security, and operational efficiency.
Why Are Passwords on the Way Out?
Passwords have been the weak link in the security chain for decades. In EMS, where access to protected health information (PHI) is routine, relying on passwords is not just outdated, it’s risky.
Consider this:
- Over 80 percent of breaches involve compromised or reused passwords.
- EMS field devices and station systems often rely on shared credentials or memorized logins.
- Password reuse across systems leaves agencies open to credential stuffing attacks.
- A single HIPAA breach can cost hundreds of thousands of dollars in fines, legal fees, and reputational damage.
Why the Tech Giants Are Going Password-less
Microsoft, Google, Apple, and Amazon are all investing in password-less authentication through passkeys, biometrics, and device-based login systems. These companies understand that:
- Passkeys use public/private key encryption, making them resistant to phishing and credential theft.
- Authentication becomes faster and more reliable, especially important for mobile-first or field-based users.
- Reducing password reliance lowers support costs and security vulnerabilities across large user bases.
- Biometric and device-tied authentication methods better align with modern security frameworks like NIST and HIPAA.
These changes are being built into operating systems, browsers, and identity platforms used every day across the EMS and healthcare technology stack.
What EMS Agencies Can Do Now
- Begin enabling passkeys or biometric login options in systems that support them .
- Use mobile device management (MDM) tools to enforce secure access policies.
- Eliminate shared or default credentials across teams and shift to individual authentication methods.
- Educate your crews about phishing, password risks, and how password-less authentication improves security and speed.
- Revisit your HIPAA risk assessments and security documentation to align with these advancements.
Looking Ahead
This shift isn’t theoretical, it’s already underway. Google accounts now support passkeys by default. Apple integrates passkeys into iCloud Keychain. Amazon Web Services (AWS) is building passkey support into its login flows. Microsoft is actively retiring password storage from Authenticator and making new accounts password-less.
The momentum is clear: password-less is the future of secure authentication.
EMS systems operate in a unique environment. We manage sensitive data on mobile devices, under pressure, across jurisdictions. If anyone needs secure, reliable, fast access – it’s us.
Final Thought
Password-less authentication is not just another technology upgrade. It’s a smarter, safer, and faster way to manage access across your organization. It reduces risk, strengthens compliance, and better supports your providers in the field.
The most prominent tech companies in the world are already moving in this direction. Shouldn’t we start thinking about it in EMS, too?
If you’d like to explore how password-less technology fits into your agency’s security strategy or how to roll it out in a HIPAA-compliant way, feel free to connect or message me.
This article was adapted from a LinkedIn post originally written by Fred Wilkins, and published on the VLI Tech Inc. LinkedIn page on August 7, 2025. Used with permission.