Microsoft accounts can now go fully passwordless
Microsoft now lets you remove passwords from Microsoft accounts to embrace a passwordless future. Starting today, the software giant will let consumers sign into Microsoft accounts with its Microsoft Authenticator app, Windows Hello, a security key, or an SMS / email verification code instead of a password.
The new option arrives just months after Microsoft started rolling out passwordless authentication for commercial users in March to help people adjust to the realities of remote work. “When I think of security, I think you’ve got to protect your whole life,” says Vasu Jakkal, corporate vice president of Microsoft security, compliance & identity, in an interview with The Verge. “It’s no longer enough just to think about work or home and anything in between.”
Microsoft has been working toward a passwordless future for years, and the pandemic has only accelerated things. “When you have digital transformation and businesses having to go remote overnight … the number of digital surfaces has increased exponentially,” explains Jakkal. “The number of attack surfaces has increased exponentially, so that was a big driving factor for us in accelerating a lot of our security initiatives.”
Today is a major milestone for Microsoft’s passwordless ambitions, after the company enabled security keys in 2018 and made Windows 10 passwordless in 2019. “We have been rolling this out at Microsoft and nearly 100 percent of Microsoft is now passwordless,” says Jakkal. More than 200 million people are already using passwordless options, and Jakkal is optimistic about the adoption among consumers.
It’s a relatively simple process to remove your password, too. You’ll need to have the Microsoft Authenticator mobile app installed and linked to your personal Microsoft Account. Once that’s complete, you can visit account.microsoft.com and choose advanced security options and then enable passwordless accounts in the additional security section. You then approve the change from your Authenticator app and you’ll be password free. You can always reverse the change and add a password back to your Microsoft account in the future.
The benefits of passwordless authentication are very clear. Most people create their own passwords, and it’s often a challenge to create something that’s secure and memorable without relying on a password manager. People often reuse their passwords, too, allowing attackers to quickly log into a variety of compromised accounts after a particular organization is targeted and passwords are dumped.
Google, Apple, and others are also working toward less reliance on passwords. Google Chrome lets you sign in without a password, and Apple’s iOS 15 and macOS Monterey updates include a Passkeys in iCloud Keychain feature, an attempt to replace passwords with a more secure login process.