Microsoft will allow the user to remove passwords from Microsoft accounts to embrace a new future without needing a password. Starting today, the tech giant will allow consumers to access their Microsoft accounts via its Microsoft Authenticator app, Windows Hello, a security key or an SMS/email verification code instead of the traditional password.
The new option comes just months after Microsoft began rolling out passwordless authentication for business users in March to help people adjust to the reality of telecommuting. “When I think about security, I think people have to protect their entire life,” said Vasu Jakkal, corporate vice president of security, compliance and identity at Microsoft.
Microsoft has been working toward a passwordless future for a few years now, and the pandemic has only accelerated things. “When you have digital transformation and companies need to stay remote overnight, the number of digital surfaces has increased exponentially,” explains Jakkal. “The number of attack surfaces has increased exponentially, so this was a big factor for us in accelerating many of our security initiatives.”
Today is a very important milestone for Microsoft’s passwordless ambitions, after the company enabled security keys in 2018 and made Windows 10 passwordless in 2019. “We are implementing this at Microsoft and almost 100% of Microsoft is not now has a password,” says Jakkal. More than 200 million commercial customers are already using the passwordless option, and Jakkal is optimistic about adoption among consumers.
Removing your password is also a relatively simple process. You must have the Microsoft Authenticator mobile app installed and rightly linked to your personal Microsoft account. Once completed, you can visit account.microsoft.com and choose advanced security options and enable passwordless accounts in the additional security section.
The benefits of passwordless login are very clear. Most people create their own passwords and it is often a challenge to create something that is secure and memorable without relying on a password generator. People also often reuse their passwords, allowing attackers to quickly log in to a variety of compromised accounts.
Google, Apple and other tech giants are also working to reduce reliance on passwords. Google Chrome already allows login without a password, and Apple’s iOS 15 and macOS Monterey updates include a Passkeys feature in iCloud Keychain, an attempt to replace passwords with a more secure login process.